Breaking News
News & Analysis

Is It Secure to Use BLE in Cars?

Bluetooth SIG working on security updates
4/29/2014 00:01 AM EDT
25 comments
NO RATINGS
1 saves
Page 1 / 2 Next >
More Related Links
View Comments: Threaded | Newest First | Oldest First
junko.yoshida
User Rank
Blogger
BLE security
junko.yoshida   4/29/2014 6:34:03 AM
NO RATINGS
I don't fault Bluetooth SIG for wanting to drive the new standard like Bluetooth Low Energy to be used as broadcly as possible thus not incorporating the device-level security from the day one.

But protecting security and privacy of devices and data coming out of the devices should be the heart and soul of what makes Bluetooth Smart truly "smart" ...No?

alex_m1
User Rank
CEO
Re: BLE security
alex_m1   4/29/2014 4:30:39 PM
NO RATINGS
@Junko, since all those subsystems are connected to some power cable, why not justuse that for communication ?

JanineLove
User Rank
Blogger
Re: BLE security
JanineLove   4/30/2014 9:29:15 AM
NO RATINGS
I may be missing something here, but aren't they saying that the only security flaw is in the initial pairing? iF that's the case, can't careful pairing circumstances/measures solve this? Pairing is a one-time thing.

<<*if* they rely on BLE's built-in security and *if* the attacker is able to observe the user pairing with the phone.>>

tpfj
User Rank
CEO
Retro-fitting is always a hack
tpfj   4/29/2014 10:57:59 AM
NO RATINGS
I see it in standards all the time. Retro-fitting a feature that was not considered at inception always results in a hack which never quite works and invariably comes back to bite. Retro-fitting something as important as security is not something one should be doing. IMHO of course ...

junko.yoshida
User Rank
Blogger
Re: Retro-fitting is always a hack
junko.yoshida   4/29/2014 11:01:48 AM
NO RATINGS
@tpfj, I wonder about that, too...

But in Bluetooth SIG's defense, BLE -- now getting desinged into such a variety of products -- needs to answer different requirements of end products.

Perhpas, BLE's security issue is a result of BLE's own success?

I am sure that BLE is now getting into palces the SIG hand't thought about before.

DougInRB
User Rank
Manager
Re: Retro-fitting is always a hack
DougInRB   4/29/2014 12:32:54 PM
NO RATINGS
How far are they planning to take BLE?  I'm not real comfortable with the driver/hacker next to me on the freeway being able to tell my car to reboot.  Call me old fashion, but sometimes wires are worth the weight and extra cost.

junko.yoshida
User Rank
Blogger
Re: Retro-fitting is always a hack
junko.yoshida   4/29/2014 4:06:01 PM
NO RATINGS
@DouglnRB, I am not sure. But my unerstanding is that they will put in some sort of mechanism in the BLE spec that would allow certain systems to use public key exchange such as Diffie-Hellmann.

rick merritt
User Rank
Author
Honk if you use Buetooth
rick merritt   4/29/2014 3:21:48 PM
NO RATINGS
Security is a big issue, but frankly so is reliability with anything wireless. A little interference from Wi-Fi in the back seat or something and suddenly a car subsystem acts funny....hmmmm

junko.yoshida
User Rank
Blogger
Re: Honk if you use Buetooth
junko.yoshida   4/29/2014 3:29:54 PM
NO RATINGS
@Rick, it is true. Reliability is a big issue, when it comes to anything wireless.... But when I asked several experts about interference issues of BLE, I got their answers saying that they are little concerned. But security? Yes, they are worried.

AZskibum
User Rank
CEO
Re: Honk if you use Buetooth
AZskibum   4/29/2014 4:13:36 PM
NO RATINGS
Security should of course be a concern, but I think reliability is a far bigger concern. Having said that, I recently saw an episode of a TV drama in which a murder was committed by a hacker who remotely commanded his victim's airbags to deploy, causing a fatal crash. Food for thought as we march toward wireless connectivity in cars.

junko.yoshida
User Rank
Blogger
Re: Honk if you use Buetooth
junko.yoshida   4/29/2014 4:20:04 PM
NO RATINGS
@AZskibum, understood.

From an engineer's point of view, you think remotely commanding airbags is feasible. Correct?

AZskibum
User Rank
CEO
Re: Honk if you use Buetooth
AZskibum   4/30/2014 3:57:34 PM
NO RATINGS
I don't think it's feasible today without physical access to the vehicle. But when vehicles start including wireless networks, who knows?

alex_m1
User Rank
CEO
Re: Honk if you use Buetooth
alex_m1   4/29/2014 4:29:14 PM
NO RATINGS
@rick , bluetooth uses frequency hopping which has high reliability against intereference.

y_sasaki
User Rank
CEO
Re: Honk if you use Buetooth
y_sasaki   4/30/2014 2:58:38 PM
NO RATINGS
@alex_m1, not exactly... legacy Bluetooth hops frequency in every 625usec, but Bluetooth LE use more static "channel selection" per-connection bases. It is still dynamically allocated, but not exactlly FH spectrum spreading.

Bert22306
User Rank
CEO
Should not be a BLE problem
Bert22306   4/30/2014 4:20:15 PM
NO RATINGS
In short, when you set up an Internet account with your bank, are you having to involve your broadband provider in the process? Answer: no. It's all between your PC and your bank.

The Bluetooth Smart/Dumb interface should not need to become involved, except in cases where Transport Layer Security (TLS) is not feasible or too cumbersome. Same applies, for example, to WiFi. If you can use TLS or IPsec protocols over your WiFi, then the need for WiFi's own security layer is lessened considerably. (Mostly, WiFi's security protocol is used to prevent others from clogging up your broadband link, but not to prevent others from accessing your bank account!)

In this specific case, to lock/unlock the doors and to open windows, the automakers can simply use TLS between your own cellphone and the MCU that controls those functions. If this involves too much delay, the best bet by far is to install a faster MCU!!

Scp
User Rank
Rookie
Why Wireless
Scp   4/30/2014 9:50:19 PM
NO RATINGS
 

I can see very little reason to link functions like adjusting seats, mirrors and such by the use of a smart phone.  For some drivers replacing the Remote Keyless Entry fob with a smart phone makes good sense.  But for most functions why not use CAN bus or some other simple serial wired bus to do most of these functions.  Wireless in neat and cool but replacing a wired serial bus with a wireless bus seems like added complexity with little advantage.

jzolnier
User Rank
Rookie
BLE can be trusted in the automobile
jzolnier   4/30/2014 10:18:06 PM
NO RATINGS

We are witnessing a revolution in the auto industry, and wireless connectivity is at the center of that revolution. As vehicles have become more and more dependent upon electronics, security and reliability concerns have always been raised, ranging from fear of EM pulses being used to disable ECUs to hackers gaining access to the vehicle through a standard Bluetooth connection. Even today many keyless entry systems remain vulnerable to various types of attacks.

 

Bluetooth Smart technology inside the automobile will offer significant improvements to the user experience in many areas, and will also help manufacturers to produce more efficient vehicles.  Outside of the automobile, Bluetooth Smart technology is or will be used in medical applications, mobile payment systems, garage door openers, and residential and commercial locks. Each of these applications has security and reliability as paramount concerns.

 

TI has been working with our customers for years to help them ensure their wireless applications, including those using Bluetooth Smart, are safe from security attacks.  Regardless of any demonstrated vulnerabilities, users can be assured that additional layers of security will be used to ensure these vulnerabilities are not maliciously exploited, resulting in implementations that are highly secure.

zeeglen
User Rank
Blogger
Re: BLE can be trusted in the automobile
zeeglen   4/30/2014 11:24:30 PM
NO RATINGS
users can be assured that additional layers of security will be used to ensure these vulnerabilities are not maliciously exploited

If wireless is not used where it is not needed, then one need not worry at all about wireless vulnerabilities.


AZskibum
User Rank
CEO
Re: BLE can be trusted in the automobile
AZskibum   5/1/2014 1:07:58 AM
NO RATINGS
Excellent point. If someone breaks into my car & gains access to the CAN buses, maybe he can do some something. But any wireless link should remain completely isolated from those CAN buses, so that even if wireless security is somehow compromised, the worst that can happen is the doors are unlocked, the infotainment system is turned on or the driver's seat is moved.

krisi
User Rank
CEO
Re: BLE can be trusted in the automobile
krisi   5/1/2014 1:17:51 PM
NO RATINGS
Are you expressing your own opinion @jzolnier? This reads like a press release

jzolnier
User Rank
Rookie
Re: BLE can be trusted in the automobile
jzolnier   5/2/2014 1:56:19 PM
NO RATINGS
This is my opinion and technical belief. Again not to trivialize the challenge of security, it will always be at the top of the list of priorities for any of the use cases I mentioned, but I feel strongly that done properly BLE is very secure.

krisi
User Rank
CEO
Re: BLE can be trusted in the automobile
krisi   5/2/2014 2:35:21 PM
NO RATINGS
Did you write this sentence @jzolnier? Do you work for TI?

 

TI has been working with our customers for years to help them ensure their wireless applications, including those using Bluetooth Smart, are safe from security attacks.

Max The Magnificent
User Rank
Blogger
Re: BLE can be trusted in the automobile
Max The Magnificent   5/2/2014 6:08:49 PM
NO RATINGS
@krisi: Did you write this sentence @jzolnier? Do you work for TI?

Well... if I were a betting man... (LOL)

krisi
User Rank
CEO
Re: BLE can be trusted in the automobile
krisi   5/2/2014 6:42:27 PM
NO RATINGS
I am a betting man so will put $100 towards claim that @jzolnier works for TI...I don't mind press releases, I ocasionally read them in my business...but I am not happy to see press releases sneaked in as "my own words"...I don't come to EE Times for that...Kris

from_Tokyo
User Rank
Rookie
Bluetooth initialization?
from_Tokyo   5/8/2014 4:03:52 AM
NO RATINGS
I am not very familiar with Bluetooth and its initialization processes. But what happens after I replace my car battery? So all electronics have been unpowered and are powered up again? Does Bluetooth also needs a re-initialization in that situation? If so, this could be in not such a secure environment, making it vulnerable for hackers?

August Cartoon Caption Winner!
August Cartoon Caption Winner!
"All the King's horses and all the KIng's men gave up on Humpty, so they handed the problem off to Engineering."
5 comments
Top Comments of the Week
Like Us on Facebook

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
EE Times on Twitter
EE Times Twitter Feed
Flash Poll
Radio
LATEST ARCHIVED BROADCAST
David Patterson, known for his pioneering research that led to RAID, clusters and more, is part of a team at UC Berkeley that recently made its RISC-V processor architecture an open source hardware offering. We talk with Patterson and one of his colleagues behind the effort about the opportunities they see, what new kinds of designs they hope to enable and what it means for today’s commercial processor giants such as Intel, ARM and Imagination Technologies.