Watch Out for Bluetooth Hacking

April 12, 2007
As use of short-range, wireless Bluetooth technology expands in manufacturing plants, it could provide a new controls system attack vector for cyber criminals, says consultant.
Is wireless Bluetooth technology used anywhere in your manufacturing plant? If so, you could be exposing your controls network to hackers, terrorists or others with malicious intent. That warning comes from Clint Bodungen, who sees “Bluetooth hacking” as a potential “new frontier” for industrial cyber bad guys.

Bodungen is a Houston-based industrial cyber security consultant and the U.S. president of the Critical Infrastructure Institute, which provides security training and education. He identified Bluetooth as “a new attack vector for hackers” during a presentation at the annual meeting of the Process Control Systems Forum (PCSF) March 6-8 in Atlanta. And during a recent interview with Automation World, Bodungen expanded upon those comments.

Bluetooth, a short-range radio specification, provides a convenient means of wireless, device-to-device communication for a growing variety of consumer gizmos, ranging from cell phones, earsets and headsets to personal digital assistants (PDAs), home medical devices and game controllers. Bluetooth is also used to provide wireless links between personal computers (PCs) and keyboards, printers and other peripherals.

Some manufacturing plants today are already using Bluetooth-enabled printers and keyboards, says Bodungen, and Bluetooth is increasingly being considered for a variety of industrial uses, including machine-to-machine communication, data acquisition and automated meter reading. Expansion of these latter kinds of uses poses the biggest potential threat for manufacturers, he says.

Physically close

By design, Bluetooth has a limited effective range—typically up to about 10 meters, or 32 feet—a feature that some might believe would cancel out most cyber threats, since hackers would need to be physically close to wirelessly tap into a Bluetooth device. But Bodungen points out that with a strong transceiver, Bluetooth range can be extended to around 300 feet. And in many cases, Bluetooth signals can be picked up around the perimeter of buildings where the technology is used, says Bodungen.

Among other things, Bodungen participates in so-called “red team” penetration testing, in which he and others are hired by industrial companies to pose as cyber bad guys to test the effectiveness of a company’s cyber defenses. “On one of our recent jobs, we were doing a nighttime surveillance, and we were sitting in the woods about 20 to 30 yards away from a building doing a scan, and we were picking up Bluetooth peripherals,” he reveals.

Many manufacturers don’t realize how easy it is for outsiders to get physically close to, or even inside, their facilities, Bodungen observes. Exacerbating the problem is that “Bluetooth was not designed with security in mind,” Bodungen adds. The result is Bluetooth vulnerabilities that can easily be exploited by cyber miscreants, he says. And once hackers gain access to a Bluetooth-enabled device that has links to a controls system network, they can use that access to download information from servers or controllers, or to launch denial of service attacks, Bodungen says.

Just say no

The degree to which Bluetooth hacking becomes a widespread threat to critical infrastructure control systems may depend upon how common the technology becomes within automation and control systems environments, Bodungen observes. But the threat is definitely there, he says.

What’s the antidote? While there are Bluetooth security measures that can be taken, the technology remains too insecure for use in critical applications, Bodungen believes. “In a process control environment or an industrial network environment, you shouldn’t use Bluetooth for anything,” Bodungen declares. “Use wires instead.

“What’s more important?” he asks. “The inconvenience of having wires running to devices, or leaving a vulnerability into a critical system?”

Critical Infrastructure Institute
www.ci-institute.org
