Thursday, July 5, 2012

Bluetooth Communication


1. Communication

A Bluetooth transceiver is a frequency hopping spread-spectrum (FHSS) device that uses the unlicensed (worldwide) 2.4 GHz ISM (Industrial, Scientific, Medical) frequency band. In most countries, there are 79 channels available. The nominal bandwidth for each channel is 1 MHz. A Bluetooth transceiver uses all 79 channels: when connected to other Bluetooth devices, it hops pseudo-randomly across all of them (changes frequencies) at a rate of 1600 hops per second for typical use, with a residence time of 625 µsec. When in inquiry or page mode, it hops at 3200 hops per second with a residence time of 312.5 µsec. It has a range of approximately 10 meters, although ranges up to 100 meters can be achieved with amplifiers. Because the transceiver has an extremely small footprint, it is easily embedded into physical devices, making it a truly ubiquitous radio link.

The Bluetooth specification uses time division duplexing (TDD) and time division multiple access (TDMA) for device communication. A single time slot is 625 µsec in length, representing the length of a single-slot packet. At the Baseband layer, a packet consists of an access code, a header, and the payload, as shown in Fig. 3. The access code contains the piconet address (to filter out messages from other piconets) and is usually 72 bits in length. The header contains link control data, encoded with a forward error-correcting code (FEC) with a 1/3 rate for high reliability. This code is a simple repetition code, so every bit in the header is transmitted three times. The header is usually 18 bits in length, and includes the active member address of a currently active slave.
The payload can contain from 0 to 2745 bits of data, and may be protected by a 1/3 rate FEC (simple bit repetition, for SCO packets only), a 2/3 rate FEC (a (15,10) shortened Hamming code capable of correcting all one-bit errors and detecting all two-bit errors), or a 3/3 rate (no FEC). For SCO connections, packets must be exactly one time slot in length. For ACL links, packets may be 1, 3, or 5 time slots in length. Bluetooth uses polling-based packet transmission. All communication takes place between a master and a slave, using time-division duplex (TDD), with no direct slave-to-slave communication. The master polls each active slave to determine whether it has data to transmit. A slave may only transmit when it has been polled, and it must send its data in the time slot immediately following the one in which it was polled. The master transmits only in even-numbered time slots, while the slaves transmit only in odd-numbered time slots. In each time slot, a different frequency channel f is used (one hop in the hopping sequence).
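The two Baseband FEC schemes described above, worked through as an added example (not code from the original post): the 1/3 rate repetition code used for the header, decoded by majority vote, and the 2/3 rate (15,10) shortened Hamming code used for the payload, encoded systematically and decoded by syndrome lookup so that one-bit errors are corrected and two-bit errors are reported as uncorrectable. The generator polynomial g(D) = (D+1)(D^4+D+1) is the one the Bluetooth specification gives for the (15,10) code; the bit-list representation and the function names are this example's own.

```python
# Added example (not from the original post) of the two Baseband FEC schemes above.
# g(D) = (D+1)(D^4+D+1) = D^5+D^4+D^2+1 is the Bluetooth (15,10) generator polynomial.
GEN = [1, 1, 0, 1, 0, 1]   # coefficients of g(D), highest power first
N, K = 15, 10

def fec13_encode(bits):
    """1/3 rate FEC (header): every bit is transmitted three times."""
    return [b for b in bits for _ in range(3)]

def fec13_decode(coded):
    """Majority vote per triple: corrects any single error within a triple."""
    return [int(sum(coded[i:i + 3]) >= 2) for i in range(0, len(coded), 3)]

def _remainder(bits):
    """Remainder of the bit polynomial modulo g(D) over GF(2)."""
    rem = list(bits)
    for i in range(len(rem) - len(GEN) + 1):
        if rem[i]:
            rem[i:i + len(GEN)] = [a ^ b for a, b in zip(rem[i:i + len(GEN)], GEN)]
    return rem[-(len(GEN) - 1):]

def fec23_encode(data):
    """2/3 rate FEC (payload): 10 data bits followed by 5 parity bits."""
    assert len(data) == K
    return list(data) + _remainder(list(data) + [0] * (N - K))

# Syndrome of every single-bit error pattern; all distinct because d_min = 4.
_SINGLE = {tuple(_remainder([int(i == p) for i in range(N)])): p for p in range(N)}

def fec23_decode(word):
    """Returns (data, status); status is 'ok', 'corrected' or 'uncorrectable'."""
    syn = tuple(_remainder(word))
    if not any(syn):
        return list(word[:K]), "ok"
    if syn in _SINGLE:                 # one-bit error: flip it back
        fixed = list(word)
        fixed[_SINGLE[syn]] ^= 1
        return fixed[:K], "corrected"
    return None, "uncorrectable"       # two-bit error: detected, not corrected

def check_error_handling(data):
    """Checks every 1-bit error is corrected and every 2-bit error detected."""
    cw = fec23_encode(data)
    for i in range(N):
        single = list(cw); single[i] ^= 1
        if fec23_decode(single) != (data, "corrected"):
            return False
        for j in range(i + 1, N):
            double = list(single); double[j] ^= 1
            if fec23_decode(double) != (None, "uncorrectable"):
                return False
    return True
```

`check_error_handling` exhaustively confirms, for one data word, the correction and detection limits the text states for the 2/3 rate code; three or more bit errors in a 15-bit block can be mis-corrected, which is why the payload also carries a CRC in the real protocol.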

Problems

Bluesnarfing
Copying address information from a nearby person's Bluetooth phone. The object exchange (OBEX) protocol used in Bluetooth was designed to let users easily send each other business card data without authentication. Bluesnarfers exploit this vulnerability to extract proprietary data from Bluetooth users.

Bluespamming
Sending spam to Bluetooth-enabled devices.

Bluejacking
Sending a message from your Bluetooth phone or PDA to a nearby stranger who also has a Bluetooth device.
