Bluetooth is a useful technology not just to connect your electronic devices but also to let you in and out of a secure building. Many access control systems use Bluetooth signals to recognize authorized users and allow them in. However, any system using Bluetooth or Bluetooth Low Energy (BLE) should actively defend against the known vulnerabilities of these technologies.

Just as Windows can get a virus, a Bluetooth system can get hacked. Microsoft is always updating its software to avoid these problems and protect Windows, and your access control system should likewise be aware of known vulnerabilities and protected against them. Here’s what you need to know about avoiding Bluetooth security vulnerabilities with your access control system.

Known Bluetooth Vulnerabilities

These are three known vulnerabilities of Bluetooth and BLE that any access control system should design against:

  • BLESA: These are spoofing attacks against reconnections in BLE systems, that is, the moment when your phone gets close enough to the building to connect to the access control system again.
  • BLURtooth: These attacks take advantage of the cross-transport key derivation (CTKD) built into every Bluetooth system. CTKD was initially meant to save time, but hackers can use it to gain a key to the system.
  • KNOB attack: This attack is a little more complicated, essentially involving a brute force attack against the keys. It manipulates the entropy negotiation and can allow hackers to read and change information sent through Bluetooth.

All of these attacks are essentially a way for a hacker to intercept, read and modify a Bluetooth signal, bypassing the encryption that normally ensures the system’s integrity.
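
To make the KNOB item above concrete, here is an added example (not from the original article and not Avigilon Alta's code) that models key-size negotiation and shows how a local minimum-key-size policy refuses a downgraded link. The `Device` class and function names are hypothetical; the 1 to 16 byte range is the Bluetooth BR/EDR key-size range, and the 7-byte floor is the minimum the Bluetooth SIG recommended after KNOB.

```python
# Added illustration: a simplified model of Bluetooth key-size (entropy)
# negotiation. Device and the function names are hypothetical, not a stack API.
from dataclasses import dataclass

SPEC_MIN, SPEC_MAX = 1, 16   # BR/EDR allows 1..16 byte encryption keys
HARDENED_FLOOR = 7           # minimum recommended by the Bluetooth SIG after KNOB


@dataclass
class Device:
    name: str
    min_key_bytes: int       # local policy: smallest key size it will accept
    max_key_bytes: int = SPEC_MAX


def negotiate(initiator: Device, responder: Device, tamper_to=None):
    """Return the agreed key size in bytes, or None if either side refuses.

    tamper_to models a proposed size that was altered in transit; the
    negotiation messages are not integrity protected, which KNOB relies on.
    """
    proposal = initiator.max_key_bytes
    if tamper_to is not None:
        proposal = tamper_to
    agreed = min(proposal, responder.max_key_bytes)
    # Each side can only check the outcome against its own local floor.
    for dev in (initiator, responder):
        if agreed < dev.min_key_bytes:
            return None      # refuse the link rather than encrypt weakly
    return agreed


def keyspace_bits(key_bytes: int) -> int:
    """Bits of entropy left to brute-force for a key of this size."""
    return key_bytes * 8


def audit(devices):
    """Names of devices whose policy accepts keys below the hardened floor."""
    return [d.name for d in devices if d.min_key_bytes < HARDENED_FLOOR]


if __name__ == "__main__":
    # Constructed sample devices.
    legacy = [Device("reader-legacy", SPEC_MIN), Device("phone-legacy", SPEC_MIN)]
    fixed = [Device("reader-fixed", HARDENED_FLOOR), Device("phone-fixed", HARDENED_FLOOR)]
    for a, b in (legacy, fixed):
        size = negotiate(a, b, tamper_to=1)
        print(a.name, "->", "refused" if size is None else f"{keyspace_bits(size)}-bit key")
    print("needs update:", audit(legacy + fixed))
```

The legacy pair silently ends up with an 8-bit key, while the pair with the floor refuses the connection, which is the behaviour to look for when checking whether readers and phones have been updated.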

BLE: Transport Layer Security

We install an access control system, Avigilon Alta, that is not vulnerable to any of these security threats. The system is safe because it uses transport layer security technology. This system solves the “initial pairing problem”: the system has no way to verify a device the first time that it connects to it, so it could be a hacker’s device in disguise.

This extra layer of encryption solves the vulnerabilities we outlined above. It turns the unsecured side of the door into a “proxy” instead of an end point. This means that the physical lock on the door simply transmits information. It does not store it. Therefore, physical tampering cannot benefit a hacker either, as they will not be able to access the system’s secrets through it.

Is the Avigilon Alta System Perfect?

It would be dangerous to assume that any security system is without flaw. In fact, it is exactly Avigilon Alta’s understanding that no system is invulnerable that makes us feel secure enough to recommend the system to our clients.

Avigilon Alta assumes that their access control system will be used in environments that have serious safety concerns and will face both passive and active hackers. They continue to use sound technological principles to defend the system, and therefore your building. They have unique solutions to security issues, making their system less predictable and harder to take advantage of. They also continue to live up to their high cryptographic standards.