Bluetooth Frequency Hopping and Packet Transfer

Summary

Excerpt From Bluetooth Vulnerabilities (Part 2) Webinar
Learn more about the Bluetooth Frequency Hopping and Packet Transfer Presented by CTO, Dr. Brett Walkenhorst
In his explanation of Bluetooth communication protocols, Dr. Brett Walkenhorst emphasizes the protocols’ set time intervals and the data transmission that takes place inside them. Devices switch frequencies after every connection event; in order to limit predictability and improve security, the precise frequency is chosen using a random sequence. Bluetooth connectivity is important for advertising channels. Once a connection is made, traffic visibility is limited. Bastille employs a wide-ranging radio frequency sensor to record and examine the complete spectrum, enabling the identification of linked devices and post-connection potential vulnerabilities.

Video Transcript

So in this diagram on the upper right, You see this connection event is a fixed time interval, but once that's negotiated, it stays there and we do a little data exchange back and forth and at the end of that connection event, we go to the next frequency. And that next frequency may not be obvious.

It shouldn't be for the most card, but there is there is a mechanism for just doing a fixed step size, in terms of channel number. But for the most part, the both the cloud and the le protocols use a pseudo random sequence to hop around in frequency with the idea that gonna be hard for someone else to follow that.

They're just roaming around, and that's how you do the multiple access. Oh, and by the way, most of the devices that are listening for Bluetooth end up sitting on one of these advertising channels and just listening on that one channel, which means that they they miss the majority of the traffic once a device connects, that sniffer is oblivious.

It doesn't know what's happening because it it cannot see any of the traffic from that device after it's connected. Well, at at Bastille, we take in all that data. We talked about that RF sensor and how broadband it is. We we take in that entire spectrum and with analytics on the back end makes sense out of who's talking to whom, when.

And so we don't have to follow anybody's sequence. We just gather all the data together. So that's an important differentiator so that we can see those connected devices, which is critical, I think, because a lot of the vulnerabilities come about Once a device has connected, and if you can't see any more, then you can't you can't bring visibility to what's really important.