Security Testing Mobile Devices For A Major English Police Force
Recent studies have shown that up to half of all UK police officers' time is being taken up by paperwork, red tape and other duties rather than patrolling the streets.
In an effort to improve efficiency, a Major English Police Force, covering around 1500 square miles with a population of approximately 1.5 million, decided to investigate the use of Bluetooth-enabled mobile devices to record information in the field. This would free officers from having to manually re-enter data when back in the office, and give them more time to focus on actual 'frontline policing'.
As this was the first time that a UK Police Force had 'officially' proposed using Bluetooth-enabled devices in this way, the Police Force needed to formally address all of the potential security implications and have them approved by the relevant technical authorities prior to taking this forward.
Sopra Group was asked to conduct a Bluetooth IT Health Check of the proposed mobile devices – Blackberry 8310 smartphones and their associated peripheral devices (hands-free car kits and headsets).
Background
It is a known fact that all versions of the Bluetooth specification have inherent behaviours that increase the risk of their communications being compromised, and the aim of the security review was not to repeat work in that area, but to focus on the configuration of the Force's proposed mobile solution.
The primary concerns centred around the fact that the Blackberries would connect to private police networks, which hold confidential police records and are used 24/7 by UK law enforcement agencies.
A security breach of one of the Blackberries could be the first step towards gaining access to classified information held within the police networks, and could enable a hacker to misuse or modify police records.
Solution
Sopra Group undertook Penetration Tests of the Bluetooth devices with the assumption that the Bluetooth connections had already been compromised by an attacker.
Blackberry Penetration Testing
The scope of work included a Penetration Test of Blackberry 8310 mobile computing devices and their associated hands-free kits and headsets. The Penetration Test focused on two main areas:
- obtaining and/or modifying data held on the device itself
- obtaining access to the networks that the devices would be connected to.
The tests were conducted over a fully paired Bluetooth link, and included checks for hidden and/or insecurely configured services, anonymous file transfer, data connection sharing and any other form of device control.
Hands-Free Penetration Testing
The Penetration Test of the hands-free kits and headsets also searched for insecure services, with the primary aim of recovering encryption keys. When two mobile devices are paired they agree on a common encryption key which they use to authenticate each other and ensure they are connected to the right device.
Recovery of such a key could enable an attacker to assume the Bluetooth identity of the peripheral and interact with a Blackberry as a trusted device, potentially allowing them to access data held on a Blackberry, or on the police networks.
The Findings
Once the tests were completed, a full report was compiled by Sopra Group and delivered to the Police Force, the National Policing Improvement Agency (NPIA) and CESG (the UK Government's National Technical Authority for Information Assurance).
In particular the Penetration Test highlighted the following:
- The highest risks were associated with the use of the in-car hands-free kits, which were found to be very open to certain types of attack.
- The headsets were found to be more secure than the in-car hands-free kits. Although it is technically possible for a headset to be used as a remote listening device, this is far less likely to happen to a headset than to a hands-free kit.
- The Blackberry that was configured in line with the Police Force's security policy was not compromised at any level during the test; even when paired to the attacker's computer, no data could be obtained from the device, and no access could be gained by the attacker to any networks to which the Blackberry itself had access.
Benefits
The Bluetooth Health Check has delivered a number of clear benefits to the Police Force including:
- An independent, in-depth security review by a third-party specialist using best practice
- Clear recommendations on the security implications of using the proposed devices
- Assurance that the devices chosen to be deployed are as secure as possible
- Provision of an in-depth report with detailed findings and recommendations that has helped shape the Police Force's mobile communications strategy going forward.