Length: 2 Days

Bluetooth Security Training

Bluetooth is a short-range wireless communication technology that allows devices such as mobile phones, computers, and peripherals to transmit data or voice wirelessly over a short distance.

The developers of Bluetooth, Ericsson (which has since become Sony Ericsson), endeavored to create a single standard for wireless technology networking that could be easily and inexpensively integrated into various electronic devices for ease of connectivity while using very little energy.

This has led to Bluetooth’s enormous popularity. But this short-range architecture has also made it vulnerable to bad actors intent on intercepting Bluetooth signals.

Over the past few years, millions of Bluetooth users have been impacted by various vulnerabilities, including BlueBorne, KNOB and, most recently, SweynTooth.

Security specialists report that hackers in close physical proximity to vulnerable devices can abuse this vulnerability to remotely trigger deadlocks and crashes, and even bypass security in BLE products, giving them arbitrary read or write access to device functions that are otherwise accessible only to an authorized user.

One of Bluetooth’s greatest vulnerabilities is eavesdropping. Eavesdropping can happen even when you are not connected to a Bluetooth device; in some cases, an individual can access your phone or tablet’s microphone to hear what’s happening around you. If another person can eavesdrop on your call, you might unwittingly reveal sensitive information that can compromise personal and digital security.

Bluetooth devices are the most vulnerable when they are in pairing mode. At that point, they are actively searching for other devices, which makes it easier for eavesdroppers to gain access. It’s recommended that you avoid pairing Bluetooth devices in crowded public spaces like coffee shops or train stations. Instead, move to a place away from other people. Keep track of all of your Bluetooth connections and never accept unknown pairing requests.

The fix for many Bluetooth vulnerabilities is to install security updates as soon as they are released.

Bluetooth Security Training Course by Tonex

Bluetooth Security Training is a 2-day practical course covering the security capabilities of Bluetooth. The course covers Bluetooth weaknesses, threat vectors, Bluetooth security features, Bluetooth attacks, and guidelines for organizations employing Bluetooth technologies on securing them effectively. The course covers Bluetooth versions 1.1, 1.2, 2.0 + Enhanced Data Rate (EDR), 2.1 + EDR, 3.0 + High Speed (HS), 4.0, 4.1, and 4.2. It also covers the low energy feature of Bluetooth (version 4.0) and Bluetooth 5.0 (BT5.0).

Bluetooth wireless technology and devices are susceptible to general wireless networking threats including denial of service (DoS) attacks, eavesdropping, man-in-the-middle (MITM) attacks, message modification, and resource misappropriation. Attacks against Bluetooth devices can provide attackers with unauthorized access to information.

Learning Objectives

Upon completion of this course, the participants will be able to:

  • Discuss architecture elements of Classic Bluetooth and Bluetooth Low Energy (BLE)
  • Compare Classic Bluetooth vs. Bluetooth Low Energy (BLE) protocols and security features
  • List Bluetooth Classic and Bluetooth Low Energy vulnerabilities, threats, attack types and countermeasures
  • List Bluetooth Classic and Bluetooth Low Energy protocols, vulnerabilities, threats, and countermeasures
  • Analyze L2/L3 packets in both Classic Bluetooth and Bluetooth Low Energy (BLE)
  • Analyze security features in Bluetooth Low Energy GATT profiles

Overview of Bluetooth Wireless Technology

  • Bluetooth Architecture
  • Classic Bluetooth Physical Layer
  • Bluetooth Channels and Principles of Frequency Hopping
  • Classic Bluetooth Protocol stack
  • Asynchronous Connection-Less (ACL)
  • Synchronous Connection-Oriented (SCO)
  • Active Slave Broadcast (ASB)
  • Parked Slave Broadcast (PSB)
  • Link control protocol (LC)
  • Link manager protocol (LMP)
  • Low-energy link layer (LELL)
  • Host controller interface (HCI)
  • Classic Bluetooth Host stack
  • Logical link control and adaptation protocol (L2CAP)
  • Bluetooth network encapsulation protocol (BNEP)
  • Radio frequency communication (RFCOMM)
  • Service discovery protocol (SDP)
  • Telephony Control Protocol Specification (TCS)
  • Audio/video control transport protocol (AVCTP)
  • Audio/video distribution transport protocol (AVDTP)
  • Object exchange (OBEX)
  • Bluetooth Low Energy (BLE) Physical Layer
  • BLE Protocol stack
  • Low Energy Attribute Protocol (ATT)
  • BLE Profiles and Services
  • Bluetooth Low Energy (BLE) Controller and Host stack
  • Generic Access Profile (GAP)
  • Generic Attribute Profile (GATT)

Bluetooth Classic and BLE Operations

  • Bluetooth packet structure and connection procedures
  • Device Discoverability and Connectability
  • Masters and Slaves
  • Device Addressing
  • Pairing and Bonding
  • Security Modes and Levels
  • Pairing Modes
  • Pairing Phases
  • Pairing Procedures
  • STK generation methods
  • Just Works
  • Passkey Display
  • Out of Band (OOB)
  • Numeric

Overview of Bluetooth Security Features  

  • Connecting to Secure Bluetooth Networks
  • Security Features of Bluetooth BR/EDR/HS
  • Security Features of Bluetooth Low Energy (BLE)
  • Pairing and Link Key Generation
  • Authentication
  • Confidentiality
  • Bluetooth Trust Levels, Service Security Levels, Modes and Authorization
  • Bluetooth Low Energy (BLE) Security
  • BLE Security Modes and Levels
  • BLE Pairing Methods
  • Legacy Low Energy Key Generation and Distribution
  • BLE Secure Connection Key Generation
  • BLE CIA (Confidentiality, Authentication, and Integrity)
  • BLE Short Term Key (STK) and Long Term Key (LTK)
  • LTK Derivation from Bluetooth Link Key
  • Bluetooth Link Key Derivation from Low Energy Long Term Key

Bluetooth Application and Service Attacks

  • Bluetooth Cryptographic Attacks
  • Bluetooth Classic and BLE Threat Actors
  • Bluetooth Classic and BLE Vulnerabilities, Threats, and Countermeasures
  • Bluetooth Classic and BLE Risk Mitigation and Countermeasures
  • Bluetooth Classic and BLE Security Checklist and Mitigation Roadmaps
  • Overview of Open Source Tools


