Security, Basic Stamps and integration of Bluetooth or WiFi

Archiver

One thing I noticed about the Bluetooth eb500 was the complete lack of
security. Anyone can access the basic stamp device. Is anyone out there
paying attention to security issues, i.e. networking, password protecting
devices, encryption etc.

I would be interested in any URLs which deal with these issues in
networking basic stamps.

thanks
joe baptista

Joe Baptista: USG Portal www.joebaptista.com, Personal www.baptista.god
Chief Internet Scientist, / System Administrator to .GOD and .SATAN
TTF-Bucksfan www.gov.ttf / www.nic.god, www.nic.satan or www.dot-god.com

Archiver

One thing I noticed about the Bluetooth eb500 was the
complete lack of security. Anyone can access the basic
stamp device. Is anyone out there paying attention to
security issues, i.e. networking, password protecting
devices, encryption etc.

I would be interested in any URLs which deal with these
issues in networking basic stamps.

thanks
joe baptista

tis true, but this device does only support the simple
serial protocol. That was the way it was originaly intended
for the whole device. The original specs for Bluetooth was
just a simple serial link. Over the years it has evolved
much farther than anyone has anticipated. Now it does all
kinds of things. Problem is that many of the embedded
processors lack the resources to implement security well.
You can do what normally is done in this case and encrypt
the datam though with a stamp, you'd be pushing the
envelope.

Maybe the next version of the eb500 will address this issue.
There are other things planned for it, I've talked to the
developer but not about that. Maybe they can implement the
matched pair functions. In any case, the security is
lacking, but the whole Bluetooth spec is still evolving and
people are scrambling to implement it properly. Hang in
there. It'll happen and in the meantime, you get to play
with some of the newset technology out there before everyone
else does. I've been watching the bluetooth industry now for
about 3 years. A couple of years ago, I paid $15,000 dollars
(well you all did) for a pair of developer boards that
couldn't do much more than the eb500 does now.

I think the eb500 is a very exciting development, still
primitive but I believe all of its problems will get worked
out, it's inevitable they will fix it or someone else will.
--
Regards

Dave Evartt
American Hovercraft

Archiver

Joe,

I have used the DS1963S SHA iButton for security when using bluetooth from a
bs2p. This works great. This link has some additional information you may want
to look at : http://pdfserv.maxim-ic.com/en/an/app150.pdf

Geoffrey

---

Original Message

---

From: Joe Baptista
To: basicstamps@yahoogroups.com
Sent: Thursday, January 08, 2004 6:39 PM
Subject: [noparse][[/noparse]basicstamps] Security, Basic Stamps and integration of Bluetooth or
WiFi



One thing I noticed about the Bluetooth eb500 was the complete lack of
security. Anyone can access the basic stamp device. Is anyone out there
paying attention to security issues, i.e. networking, password protecting
devices, encryption etc.

I would be interested in any URLs which deal with these issues in
networking basic stamps.

thanks
joe baptista

Joe Baptista: USG Portal www.joebaptista.com, Personal www.baptista.god
Chief Internet Scientist, / System Administrator to .GOD and .SATAN
TTF-Bucksfan www.gov.ttf / www.nic.god, www.nic.satan or www.dot-god.com




To UNSUBSCRIBE, just send mail to:
basicstamps-unsubscribe@yahoogroups.com
from the same email address that you subscribed. Text in the Subject and Body
of the message will be ignored.


Yahoo! Groups Links

To visit your group on the web, go to:
http://groups.yahoo.com/group/basicstamps/

To unsubscribe from this group, send an email to:
basicstamps-unsubscribe@yahoogroups.com

Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/



[noparse][[/noparse]Non-text portions of this message have been removed]

Archiver

Hi Joe,

The eb500 does actually have two basic security mechanisms, but you
may not have recognized them as such when reading through the
manual. The first mechanism controls whether the eb500 is
discoverable (visible to other Bluetooth radios). The radio can be
made invisible by sending the following command.

SET DIS OFF

If you want to persist this setting simply add an asterisk to the
end of the command as follows.

SET DIS OFF *

This command and its full syntax are discussed further on page 78 of
the eb500 manual.

When the eb500 is not discoverable no Bluetooth device will be able
to see it when looking for other radios. If they knew the specific
Bluetooth device address of the radio however, they could still
connect to it.

A second built in security mechanism allows you to control whether
the radio will accept or deny new connection requests. This is
significant in that it gives you control over connections even if
the remote radio already knows your device address. To make the
eb500 refuse all connection attempts send the following command.

SET CON OFF

If you want to persist this setting simply add an asterisk to the
end of the command.

SET CON OFF *

This command and its full syntax are discussed further on page 78 of
the eb500 manual.

This is just the tip of the iceberg where Bluetooth security is
concerned, but it should provide you with some basic control over
your radio in unfriendly environments. Higher level security
functionality is planned for this module such as pairing,
authentication, and encryption, but unfortunately time did not allow
these features to be put into version 1.0.

Let me know if you have any further questions.

Bryan Hall
A7 Engineering
www.a7eng.com


--- In basicstamps@yahoogroups.com, Joe Baptista <baptista@d...>
wrote:
>
> One thing I noticed about the Bluetooth eb500 was the complete
lack of
> security. Anyone can access the basic stamp device. Is anyone
out there
> paying attention to security issues, i.e. networking, password
protecting
> devices, encryption etc.
>
> I would be interested in any URLs which deal with these issues in
> networking basic stamps.
>
> thanks
> joe baptista
>
> Joe Baptista: USG Portal www.joebaptista.com, Personal
www.baptista.god
> Chief Internet Scientist, / System Administrator to .GOD
and .SATAN
> TTF-Bucksfan www.gov.ttf / www.nic.god, www.nic.satan or www.dot-
god.com

Archiver

Dumb newbie question but what is 'eb500'?

--- Bryan Hall <bryan@f...> wrote:
> Hi Joe,
>
> The eb500 does actually have two basic security
> mechanisms, but you
> may not have recognized them as such when reading
> through the
> manual. The first mechanism controls whether the
> eb500 is
> discoverable (visible to other Bluetooth radios).
> The radio can be
> made invisible by sending the following command.
>
> SET DIS OFF
>
> If you want to persist this setting simply add an
> asterisk to the
> end of the command as follows.
>
> SET DIS OFF *
>
> This command and its full syntax are discussed
> further on page 78 of
> the eb500 manual.
>
> When the eb500 is not discoverable no Bluetooth
> device will be able
> to see it when looking for other radios. If they
> knew the specific
> Bluetooth device address of the radio however, they
> could still
> connect to it.
>
> A second built in security mechanism allows you to
> control whether
> the radio will accept or deny new connection
> requests. This is
> significant in that it gives you control over
> connections even if
> the remote radio already knows your device address.
> To make the
> eb500 refuse all connection attempts send the
> following command.
>
> SET CON OFF
>
> If you want to persist this setting simply add an
> asterisk to the
> end of the command.
>
> SET CON OFF *
>
> This command and its full syntax are discussed
> further on page 78 of
> the eb500 manual.
>
> This is just the tip of the iceberg where Bluetooth
> security is
> concerned, but it should provide you with some basic
> control over
> your radio in unfriendly environments. Higher level
> security
> functionality is planned for this module such as
> pairing,
> authentication, and encryption, but unfortunately
> time did not allow
> these features to be put into version 1.0.
>
> Let me know if you have any further questions.
>
> Bryan Hall
> A7 Engineering
> www.a7eng.com
>
>
> --- In basicstamps@yahoogroups.com, Joe Baptista
> <baptista@d...>
> wrote:
> >
> > One thing I noticed about the Bluetooth eb500 was
> the complete
> lack of
> > security. Anyone can access the basic stamp
> device. Is anyone
> out there
> > paying attention to security issues, i.e.
> networking, password
> protecting
> > devices, encryption etc.
> >
> > I would be interested in any URLs which deal with
> these issues in
> > networking basic stamps.
> >
> > thanks
> > joe baptista
> >
> > Joe Baptista: USG Portal www.joebaptista.com,
> Personal
> www.baptista.god
> > Chief Internet Scientist, / System Administrator
> to .GOD
> and .SATAN
> > TTF-Bucksfan www.gov.ttf / www.nic.god,
> www.nic.satan or www.dot-
> god.com
>
>
> To UNSUBSCRIBE, just send mail to:
> basicstamps-unsubscribe@yahoogroups.com
> from the same email address that you subscribed.
> Text in the Subject and Body of the message will be
> ignored.
>
>
> Yahoo! Groups Links
>
> To visit your group on the web, go to:
> http://groups.yahoo.com/group/basicstamps/
>
> To unsubscribe from this group, send an email to:
> basicstamps-unsubscribe@yahoogroups.com
>
> Your use of Yahoo! Groups is subject to:
> http://docs.yahoo.com/info/terms/
>
>


__________________________________
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
http://hotjobs.sweepstakes.yahoo.com/signingbonus

Archiver

At 11:52 PM 1/14/04 -0800, Danielle Lee wrote:

>Dumb newbie question but what is 'eb500'?

Danielle -

Not so dumb at all. It's a new embedded Bluetooth RF Transceiver Module being
offered by Parallax: http://www.parallax.com/detail.asp?product_id=30068

Regards,

Bruce Bates