Bodungen is a Houston-based industrial cyber security consultant and the
Bluetooth, a short-range radio specification, provides a convenient means of wireless, device-to-device communication for a growing variety of consumer gizmos, ranging from cell phones, earsets and headsets to personal digital assistants (PDAs), home medical devices and game controllers. Bluetooth is also used to provide wireless links between personal computers (PCs) and keyboards, printers and other peripherals. Some manufacturing plants today are already using Bluetooth-enabled printers and keyboards, says Bodungen, and Bluetooth is increasingly being considered for a variety of industrial uses, including machine-to-machine communication, data acquisition and automated meter reading. Expansion of these latter kinds of uses pose the biggest potential threat for manufacturers, he says.
By design, Bluetooth has a limited effective range—typically up to about 10 meters, or 32 feet—a feature that some might believe would cancel out most cyber threats, since hackers would need to be physically close to wirelessly tap into a Bluetooth device. But Bodungen points out that with a strong transceiver, Bluetooth range can be extended to around 300 feet. And in many cases, Bluetooth signals can be picked up around the perimeter of buildings where the technology is used, says Bodungen.
Among other things, Bodungen participates in so-called “red team” penetration testing, in which he and others are hired by industrial companies to pose as cyber bad guys to test the effectiveness of a company’s cyber defenses. “On one of our recent jobs, we were doing a nighttime surveillance, and we were sitting in the woods about 20 to 30 yards away from a building doing a scan, and we were picking up Bluetooth peripherals,” he reveals. Many manufacturers don’t realize how easy it is for outsiders to get physically close to, or even inside, their facilities, Bodungen observes.
Exacerbating the problem is that “Bluetooth was not designed with security in mind,” Bodungen adds. The result is Bluetooth vulnerabilities that can easily be exploited by cyber miscreants, he says. And once hackers gain access to a Bluetooth-enabled device that has links to a controls system network, they can use that access to download information from servers or controllers, or to launch denial of service attacks, Bodungen says.
The degree to which Bluetooth hacking becomes a widespread threat to critical infrastructure control systems may depend upon how common the technology becomes within automation and control systems environments, Bodungen observes. But the threat is definitely there, he says.
What’s the antidote? While there are Bluetooth security measures that can be taken, the technology remains too insecure for use in critical applications, Bodungen believes. “In a process control environment or an industrial network environment, you shouldn’t use Bluetooth for anything,” Bodungen declares. “Use wires instead.
“What’s more important?” he asks. “The inconvenience of having wires running to devices, or leaving a vulnerability into a critical system?”