Nowadays, it would have been possible to communicate via club-foot. That reality would have happened if a consortium of Indian and Soviet industries had adopted, for commercial use, the Frequency Hopping Spread Spectrum, patented in 1941, under the name of Secret Communication System, and conceived to be used to guide navy torpedoes.
Logically, a simple name linked to a common great historical personage, the consortium would have opted for Timur (Tamerlane), the conqueror who left us, among other beauties, Samarkand, Bukhara, Khiva but also, thanks to his sons who conquered the Northern part of India, the Taj Mahal. His name, Timur-i-lang, means Timur the lame or Timur club-foot, a lifelong consequence of a heavy horse fall during his youth.
Yet destiny had decided otherwise. A Scandinavian consortium bringing together Ericsson and Nokia, in its research to connect wireless different devices between them, created in 1998 a Special Interest Group for this goal, in cooperation with the American giants IBM and Intel as well as the Japanese Toshiba.
When the group finalized the operational details and before going to the market with this new technology, a long closed-doors conversation took place, with the aim to find a name, even provisory, to this new connectivity tool. Then, an engineer within Intel, Jim Kardach, passionate of history, suggested to use bluetooth (Blåtand), the posthumous1 nickname of Harald Gormsson, the first Viking king to become a Christian. With this new religion, he succeeded to federate all the Danish tribes2, exactly as the new connectivity will federate all IT&C tools already equipped with a wi-fi functionality. Such was the technical commission decision, waiting for the marketing teams to come out with a more attractive brand. On the contrary, the last, working on Harald, succeeded to build the logo in a record time: they just fusioned, in an oval frame of blue colour as the teeth, the two runic initials corresponding to H (from Harald) and B (from Blåtand).
Today, more than 2.5 billion devices are equipped with this functionality and Bluetooth is promised a bright future3.
But is it safe to use this technology?
As with any very popular tool, the answer is yes, but with caution. As an open system, Bluetooth was not born to be particularly resilient, but to be extraordinarly performant in its tasks. There is a huge amount of ways to hack any device with Bluetooth enabled, and we know many countermeasures to avoid it4.
In September 2017, the US Cert5 as well as almost all niche media sent an alarm about a new vulnerability, exploited by an intruder – nicknamed Dubbed Blueborne 6 – which took the place of the legitimate connection, to be able to infiltrate PCs, smartphones and tablets via their Bluetooth captor, and affecting all existing systems(PC, iOS, Android, Linux-Kernel).
Apple and Microsoft delivered quickly the necessary patches, meaning that iOS10 as well as Microsoftusers, duly updated, are now safe, but not smartphones running on Android.
Nevertheless, the first essential precaution to take as a simple user is to systematically switch off Bluetooth when not needed, exactly as the article on Dubbed Blueborne underlined in its subtitle: “A good reason to turn off Bluetooth when you’re not using it”.
As a matter of fact, as with many other exploits before, Dubbed Blueborne could not rob its victims outside the transmission/reception perimeter of the hacker’s device and only if the Bluetooth function was enabled.
If you are active in the field of business security, there are many precautions to take and perimeters to establish. For this, the National Institute of Standards and Technologies (NIST) published in 2016 a complete manual, the “Guide to Bluetooth Security”, nowadays at its second consultative version. This booklet, dedicated to CISOs, CSO sand CIOs but also to Risk Managers, is a “must” to download and read to be able to take the best decisions according to each area of the ecosystem to be defended7. Else, the seminar booklet “Bluetooth Security” by Prof. Antan Giousouf of the Communications Security Department of the Ruhr University8, is crystal-clear and well-illustrated, could be a more agreeable to-read alternative than the NIST guide, allowing to make oneself quickly a holistic idea of the problematic and how to mitigate it.
Laurent Chrzanovski (HDR Postdoc Phd MA BA) is a Professor at the Doctoral and Postdoctoral School of Social Sciences at the University of Sibiu (Romania). Thanks to his work experience in 12 European and South Mediterranean countries, he has since 2010, expanded his fields of research into cyber security, social, behavioral, cultural and geopolitical aspects. As such, he is a member of the ITU (UN-Geneva) cyber-security expert group and a contract consultant for the same institution, as well as for several Swiss and French think-tanks (PPP). He founded in 2013 and continues to run, the “Cybersecurity in Romania”, a macro-regional public-private platform (www. cybersecurityromania.ro), supported by the ITU, all related public institutions in the host country, as well as many other specialist organizations from France, Switzerland, Italy and the United Kingdom. In the same spirit, he co-founded in 2015 and is editor-inchief of one of the very few free quarterly cyberprevention journals (a PPP) designed for the general public. Originally, intended for Romanian audiences, Cybersecurity Trends is today published – with the collaboration of prestigious specialist partners – in multiple languages adapted to French, Italian, English (as of June 2017) and German (as of September 2017) audiences (https://issuu.com/cybersecuritytrends). It should be noted that the Congress and the magazine have been promoted and supported by the ITU since 2015 as the “Best Practice Example for the European Continent”. Laurent Chrzanovski is the author / editor of 23 books, of more than 100 scientific articles and as many other texts intended for the general public.