Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Wireless Networking Security Technology

Bluetooth Gains Direct Internet Access, Security Enhancements 47

jfruh writes: The Bluetooth spec never quite became the worldbeater it was billed as, but it's aiming to become indispensible to the Internet of Things. Updates to the spec make it possible for low-powered Bluetooth devices to gain direct access to the Internet, and, perhaps more importantly, make those devices a lot harder to hack.
This discussion has been archived. No new comments can be posted.

Bluetooth Gains Direct Internet Access, Security Enhancements

Comments Filter:
  • Comment removed based on user account deletion
  • by Anonymous Coward

    > The Bluetooth spec never quite became the worldbeater it was billed as, but it's aiming to become indispensible to the Internet of Things. Updates to the spec >make it possible for low-powered Bluetooth devices to gain direct access to the Internet, and, perhaps more importantly, make those devices a lot harder to hack.

    How does being connected to the internet make a device harder to hack? It seems to me the more connected a device is the EASIER it is to hack.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Reading comprehension.

      They have made updates to the spec. Those updates make devices following that spec harder to hack and allow internet access.

      • by Jahta ( 1141213 )

        Reading comprehension.

        They have made updates to the spec. Those updates make devices following that spec harder to hack and allow internet access.

        Except that nothing is "harder to hack" than a device with no network connectivity; something that gets forgotten in the Internet of Things hype. Your toaster really doesn't need to be online, no matter how good the spec is.

        • My toaster does not need to be online. But neither does your phone, or even your home or office for that matter. If we're going to limit ourselves to "need" as the basis for which technology we build you're gonna have to give up a lot of things.

          No one is going to make you put your toaster online if you don't want to. But just because you can't think of anything to do with that technology doesn't mean that no one else can, and whining that other people want to try is just sad and selfish.

          • by mlts ( 1038732 )

            My computer is online, similar with my Wi-Fi network...

            But, my Internet connected devices are behind a solid firewall that puts the kibosh on unauthorized connections in, and out (for example, nothing, and I mean -nothing- needs to ever send traffic to the Internet on port 25 from my LAN. Receiving, perhaps a different story if I went with a dynamic DNS approach, but outgoing E-mail gets relayed to a proper SMTP server via port 465 and SSL/TLS in place no matter what.)

            What needs to be a part of IoT is a LA

        • Except that nothing is "harder to hack" than a device with no network connectivity; something that gets forgotten in the Internet of Things hype. Your toaster really doesn't need to be online, no matter how good the spec is.

          Not the point, GP is right. They've made enhancements to Bluetooth that a) give it internet addresses AND b)new security features. The statement in the story suggests that b) more than compensates for a).

          Yeah, the toaster or coffee maker doesn't need to be online. But it is useful if the home security system is online. Say I'm at work and my kid is locked out of the house, I can, sitting at my desk, send a command from my phone to open the garage door and let him in, without having to leave my offic

  • by Anonymous Coward

    I've literally never seen the words "gains direct internet access" and "security enhancements" in the same sentence before and I hope never to do so again. A quick look at the links does indeed show that these two things are promised by the new standard, but I'm not a programmer or a security expert, I couldn't hope to penetrate the 2700 page official document.There's no requirement for manufacturers to jump to the new specification either (check the FAQ document) so if the security stuff is the slightest b

  • by Anonymous Coward

    BINGO!

  • by Anonymous Coward on Tuesday December 09, 2014 @12:03AM (#48552963)

    Harder to hack or harder to crack? It would be nice if we could use hack to mean hack at least here "News for nerds".

  • How exactly does it connect "directly to the internet" ? It doesn't have 3G/WiFi capability.

    All I can see is that a BT 4.2 device can connect to an 'internet connected' router / phone which also supports this BT 4.2 profile (similar to PAN in BT3 with which we could do an internet tether or file share etc).

    How is this "directly connected to the internet" when it is using a router to access the net. And all BT4 devices connected to smartphones are anyway getting data to/fro from the internet - like uploading your running data to a website etc.

    Anyone with a better understanding care to explain ?

    • by Matheus ( 586080 ) on Tuesday December 09, 2014 @02:10AM (#48553269) Homepage

      DRTFA and BRTFS but I can give you an few lil tidbits about this:

      1) Everything connected to the internet is connected to a router somewhere along the line... that's not interesting.
      2) There are a lot of ways to connect to the internet that have absolutely nothing to do with WiFi or 3G.
      3) Right now a Bluetooth device can connect to another device. That device may provide a variety of services for said Bluetooth device including providing network connectivity BUT that device isn't really connected to the Internet itself. The new spec provides this device to be connected "more directly" to the net as in it will have its own IP address. The router that it is connecting to supporting the BT4.2 protocol is really no different from the WiFi access point your WiFi equipped device is talking to. Just need to add to the alphabet soup: a,b,g,n,bt

    • by Ungrounded Lightning ( 62228 ) on Tuesday December 09, 2014 @02:35AM (#48553323) Journal

      How is this "directly connected to the internet" when it is using a router to access the net.

      By that definition, NOTHING connects directly to the internet.

      Anyone with a better understanding care to explain ?

      The proper definition of a host running an internet-facing application being "directly connecting to the internet" is using IP for the first hop, with the packets having a route from there to and from the rest of the Connected (capital-I) Internet.

      Bluetooth 4.2 added support for IPv6 to/from bluetooth devices. This means IP packets formed on, or directed to, the Bluetooth 4.2 hosts, for delivery to/from other Internet-connected devices, do not require a protocol-translation gateway to select and translate some subset of the packet types, services, and features, modifying the transport semantics to support some tiny subset of functionality that the gateway explicitly understands. An IP packet formed on the bluetooth device goes all the way to its destination semantically unmodified, and ditto packets going from some other device to the bluetooth device. The full feature set of IP (or as much of it as the stack implementer choses to support) is available, while the routers can be "as dumb as rocks" and totally ignorant of what the application on the Bluetooth device is up to, in classic Internet style.

      A Bluetooth 4.2 device, using IPv6 and with a route, IS on the Internet, and is a peer to all other internet-connected hosts.

      • How is this "directly connected to the internet" when it is using a router to access the net.
        By that definition, NOTHING connects directly to the internet.

        I feel like there is a Zen koan here:
        The student asked the master, "How will I know when my computer has connected to the internet?" The master replied, "Only when it is connected to nothing will you know".

    • by romiz ( 757548 )
      The difference is about Bluetooth & Bluetooth Smart (aka Low Energy). The second one is in fact a different protocol, once called Wibree, which uses some parts of the Bluetooth stack, but not a lot of it. While Bluetooth "Classic" already has network connectivity through PAN since a long time ago, Bluetooth Smart, introduced in the 4.0 revision of the specification, does not.

      The main reason for this is that the maximum packet size in Bluetooth Smart is quite small (around 256 bytes in the original sp
    • I think the phone was a bad example, since all phones would probably have WiFi. Which would bring up another question - wouldn't Bluetooth 4.2 be to WiFi what 100BaseT is to Gigabit Ethernet? In other words, an equivalent standard, but slower?
  • From the Bluetooth 4.2 FAQ:

    Are there any mandatory features that need to be implemented to claim compliance to Bluetooth 4.2?

    No, as was the case with Bluetooth 4.1, there are no mandatory features that must be claimed to use the
    Bluetooth 4.2 specification. However, manufacturers are required to implement all errata applied to Bluetooth 4.2
    in order to comply with the specification.

    In order words, Chinese equipment manufacturers will implement the least amount possible to be able to communicate with Bluetooth 4.2-compatable internet gateways but implement none of the FIPS-compliant security measures.

  • You misspelled Backdoor. We know how riddled with backdoors, default/fixed passwords, vulnerabilities that never gets fixed and so on are typical consumer embedded devices. And we know how pushy are governments forcing manufacturers to include their backdoors, or to use weak encryption standards, to make them hackeable at will (even assuming good will of the main/components manufacturers, that are not all saints).

    What possibly could go wrong?

    • "What possibly could go wrong?"

      You will be attacked by your refrigerator.

      • "What possibly could go wrong?"

        You will be attacked by your refrigerator.

        When you step on the iScale you have to step on to access the menu screen of your SmartFridge, it might decide you've already had enough to eat that day, and report your repeated attempts to overeat to your insurance company, and activate your Schwinn Over the Airflow exercise bike to beep every 5 seconds until you hop on and do a brisk 5 miles before allowing the SmartFridge to open again.

        After it allows it to open again, you decide you want a beer to cool off with. The beer has an rfid chip in it, and u

  • by sad_ ( 7868 ) on Tuesday December 09, 2014 @07:01AM (#48554119) Homepage

    "The Bluetooth spec never quite became the worldbeater it was billed as"

    What are you talking about, BT is the de-facto standard for connecting wirelessly with almost any device today, ranging from audio devices to input devices to applliances, how has it not beaten any comparable specification, in fact is there even another _usable_ alternative?

    • by fisted ( 2295862 )
      Is shit, especially as of Feb 2014 [summitdata.com]
    • Precisely. I have a cell phone, a smart watch, a car, a motorcycle headset, a stereo headset, a tablet, a keyboard, a mouse, and a half-dozen other Bluetooth capable devices here. Two billion Bluetooth devices shipped in 2012 [cusersomxd...rtfinalpdf], and they're expecting over 20 BILLION total devices by 2017 - about 3 per person on the face of the Earth. How is that not a "worldbeater"?
    • "The Bluetooth spec never quite became the worldbeater it was billed as"

      What are you talking about, BT is the de-facto standard for connecting wirelessly with almost any device today, ranging from audio devices to input devices to applliances, how has it not beaten any comparable specification, in fact is there even another _usable_ alternative?

      I'm assuming O.P. is of the opinion that Bluetooth was massively over-hyped when it was first introduced to the masses (c. 2001/2002... I seem to remember seeing a ridiculous billboard promising that it would change the world, etc.). However, nobody really used it for a long time. At this point in history, USB had firmly displaced PS/2 (while slowly encroaching on other ports--audio, ethernet, etc.) and WiFi had just gotten fast with the draft g spec. BT was the new kid on the block that everybody ignored.

    • "The Bluetooth spec never quite became the worldbeater it was billed as"

      What are you talking about, BT is the de-facto standard for connecting wirelessly with almost any device today, ranging from audio devices to input devices to applliances, how has it not beaten any comparable specification, in fact is there even another _usable_ alternative?

      How about IRDA for remote controllers? Do they have any reason to switch to Bluetooth?

  • I never thought I would hear 'directly connected to internet AND more secure' in the same sentence. Is it April fools?
  • Shouldn't it be "makes it more secure and perhaps allows connectivity to Internet"

    With all the holes we've seen in everything, security should be thought of the first minute, not even wait to the middle of first day of design. The only thing I saw in that landing page is "uses more encryption" which may improve information (read: privacy) leaks, but doesn't do much for security and being hacked into. This with the Sony hack still on the first page.

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...