69. What is Bluetooth wireless technology?

Bluetooth is a wireless technology and standard for a two-way radio communication system operating in the 2.4 GHz ISM radio band for creating personal area networks. It is utilized license-free worldwide. Today it is included in every smartphone, laptop, and desktop computer, as well as many gaming consoles, and has versions that support very low power, relatively high speed, and relatively long distances (although not necessarily simultaneously).

The radio transport uses a technique called frequency-hopping spread spectrum (FHSS), dividing up that spectrum into “channels” and hopping between them in a pseudorandom sequence at 1,600 times per second. All data is transmitted using strong error detection methods so that, if a data packet is lost or corrupted, it will be rapidly retransmitted on a different channel than the troubled one, minimizing the effects of the interference.

70. What are the different kinds of Bluetooth (“classic,” “low energy”) and what are their frequency characteristics?

Bluetooth wireless technology comprises two “flavors” with many common characteristics. The original Bluetooth introduced in 2001 is often called “Bluetooth classic” but is formally called BR/EDR (Basic Rate/Enhanced Data Rate). The newer type of Bluetooth is called “Bluetooth low energy,” often abbreviated BLE or BTLE. BLE was introduced as part of the Bluetooth 4.0 specification released in 2010. As the name implies, BLE is significantly lower in power usage, but at lower data transmission rate than BR/EDR.

Although they share the same spectrum and many core characteristics and benefits, Bluetooth classic devices will not interoperate directly with single-mode BLE devices. Devices such as phones, tablets, and laptops will operate with both types of Bluetooth since they contain circuitry and software that can “talk” to both. These are commonly called “dual mode” devices.

Bluetooth range is typically 10–100 m (both classic and BLE), depending on many factors including implementation, power output, intervening walls and their composition, and antenna/device position and orientation.

Bluetooth BR/EDR divides the RF spectrum differently from BLE. BR/EDR divides the RF band into 79 channels of 1-MHz bandwidth, while BLE divides the RF band into 40 channels of 2-MHz bandwidth. Additionally, BLE dedicates three channels to advertising from devices to allow for faster connection and resulting in lower power consumption.

71. What are the different Bluetooth revisions? (Bluetooth 1, 2, 2.1, 4.0, 5, etc.)

Bluetooth wireless technology evolves to support new features and capabilities, as well as to resolve issues that are discovered (e.g., security). Revisions of the Bluetooth standard not only add new features to match marketplace and technology needs, but also address discovered issues that can affect security and interoperability between Bluetooth devices.

Features are sometimes deprecated, such as with the use of fixed-PIN for pairing after Secure Simple Pairing (SSP) was introduced, since PIN has many security and usability issues. Beginning with Bluetooth 4.x, a device may not use PIN for built-in authentication and encryption.

All Bluetooth devices are backwards compatible. The backwards compatibility modes default to the earliest of the devices in a connection. This means that many improvements and fixes will not be possible with older devices.

A summary of the Bluetooth revisions and key improvements is shown in the bulleted list below.

  • Bluetooth 1.1 (2001)
    • First specification
  • Bluetooth 1.2 (2003)
    • Improved coexistence with WLAN (adaptive frequency hopping [AFH])
    • Improved voice quality
  • Bluetooth 2.0
    • 1.2 + Errata
  • Bluetooth 2.0 + EDR (2004)
    • Enhanced data rate
  • Bluetooth 2.1 (2007)
    • QoS, SSP, security improvements
  • Bluetooth 3.0 (2009)
    • Bluetooth HS: alternate radio technologies (IEEE 802.11)
  • Bluetooth 4.0 (2009–2011)
    • BLE/BTLE added
  • Bluetooth 4.1 (2012–2013)
    • Simultaneous dual-role (central/peripheral) devices, IoT architectural enablers
  • Bluetooth 4.2 (late 2014–2016)
    • Internet of Things (IoT) additions, IPv6, increased payload (higher data rate), security improvement
  • Bluetooth 5.0 (late 2016)
    • Enhanced advertising
    • Higher speed
    • Longer range
    • Errata fixes

The Bluetooth Special Interest Group announced in 2018 that it would be deprecating and withdrawing older core specifications from 2.0 through 4.1 beginning in January 2019. All existing approved devices retain their approvals and listings.

72. What Bluetooth revision should hospitals be using?

While it is understood that existing devices are often difficult to replace, the recommendations below are based on known issues of security and interoperability:

  • Device designers and manufacturers should always use the latest specification possible. Use only BLE devices tested and listed to Bluetooth 4.2 or later. Use only BR/EDR devices tested and listed to Bluetooth 4.0 or later.
  • New devices and systems should be tested and listed to the latest specification, at least Bluetooth 5.0.
  • If earlier versions are deployed, care should be taken to understand the potential security or compatibility issues involved and mitigate them by limiting access to information or areas of use.

73. Do all cellular phones, tablets, and laptop computers work with Bluetooth?

With very few exceptions, all computing devices introduced since 2016 support Bluetooth, including both Bluetooth classic and BLE.

74. What is Bluetooth pairing: How does it work and how has it changed with the various revisions?

Pairing is the process used by Bluetooth wireless technology to establish a secure wireless connection between two devices. Once devices have been paired, the information created may be stored to re-establish the connection in the future. Devices that have stored this information are “bonded.”

Pairing has evolved over the specification revisions. The original PIN code pairing method has been deprecated and should no longer be used due to security issues. Pairing in the latest specification revisions is much more secure.

The latest methods of SSP allow for several modes that depend upon the user interface and device implementation. It is important that the highest modes are used to allow for secure authentication and encryption.

Pairing is an optional process in the specification and suppliers are responsible for implementing and testing to make sure that the methods and modes are suited to the needs of the use model and data security. This should be disclosed as part of the cybersecurity hazard analysis for the device and system.

75. How does Bluetooth coexist with 802.11?

Bluetooth coexists well with 802.11 in the 2.4 GHz wireless spectrum by its use of FHSS technology along with AFH, which avoids transmitting on active 802.11 channels. The Bluetooth FHSS radio transmits for a short time on each channel and moves to another channel 1,600 times per second, minimizing potential interference.

As with 802.11, Bluetooth includes error detection and retransmission mechanisms. When there is a packet error or loss, that packet is quickly retransmitted and on a different channel than the one that experienced the packet error or loss, minimizing the effects of interference.
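
The channel plans from question 70 and the AFH behavior described above can be worked through numerically. The following is an added example, not part of the original FAQ; the 22 MHz Wi-Fi channel width and the 20-channel AFH minimum (from the Bluetooth Core Specification) are assumptions not stated in this document.

```python
# Added example (not from the original FAQ). Channel plans follow the FAQ:
# BR/EDR = 79 x 1 MHz, BLE = 40 x 2 MHz. Assumptions: a 22 MHz Wi-Fi mask and
# the 20-channel AFH minimum from the Bluetooth Core Specification.

AFH_MIN_CHANNELS = 20   # assumed: BR/EDR AFH must keep at least this many channels
WIFI_WIDTH_MHZ = 22     # assumed occupied width of one 2.4 GHz 802.11 channel

BREDR = {"width": 1, "centres": [2402 + k for k in range(79)]}
BLE = {"width": 2, "centres": [2402 + 2 * k for k in range(40)]}


def wifi_span(channel):
    """Return (low, high) in MHz for 2.4 GHz 802.11 channel 1..13."""
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz channel in 1..13: {channel}")
    centre = 2407 + 5 * channel
    return centre - WIFI_WIDTH_MHZ / 2, centre + WIFI_WIDTH_MHZ / 2


def usable_channels(plan, active_wifi):
    """Centre frequencies of Bluetooth channels overlapping no active Wi-Fi channel."""
    spans = [wifi_span(c) for c in active_wifi]
    half = plan["width"] / 2
    return [f for f in plan["centres"]
            if not any(f - half < high and f + half > low for low, high in spans)]


def afh_report(active_wifi):
    """Summarise what is left for BR/EDR hopping with the given Wi-Fi channels busy."""
    usable = usable_channels(BREDR, active_wifi)
    return {"usable": len(usable),
            "meets_minimum": len(usable) >= AFH_MIN_CHANNELS}


if __name__ == "__main__":
    # Constructed scenarios: one, two and three busy Wi-Fi channels.
    for wifi in ([6], [1, 6], [1, 6, 11]):
        print(wifi, afh_report(wifi),
              "BLE channels clear:", len(usable_channels(BLE, wifi)))
```

With Wi-Fi channels 1, 6, and 11 all busy, only 11 BR/EDR channels remain clear, fewer than the assumed minimum, so a link in that environment cannot avoid every active 802.11 channel.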

76. Does our microwave oven interfere with Bluetooth?

Yes, but this rarely occurs at a level noticeable to the user due to the narrow band of a typical microwave oven and Bluetooth error detection and correction methods.

77. How many Bluetooth devices can be in one room?

As with almost all RF performance questions, the answer depends on the exact scenario: What data are being transmitted? What are the power levels? What are the distances between devices? Etc. In practical usage, there is no limitation and multiple BT classic and BLE piconets can coexist in the same room. As an example, testing with 20 Bluetooth devices all streaming multi-channel ECG data worked smoothly and without data loss, and hundreds of devices coexisted during each Bluetooth “UnplugFest.”

78. Can a cellular phone that supports Bluetooth connect to hospital Bluetooth devices?

From the Bluetooth perspective: Yes, it is possible. Especially for BLE, connectivity depends on the application software (app) on the phone. From the perspective of medical devices in the hospital, the manufacturers of those devices must create a system so that only authorized devices are allowed to connect to the medical device safely and securely.

79. Is Bluetooth audio different from Bluetooth data? Can I have a call to my headset while other Bluetooth devices are communicating?

Yes, audio requires a high data rate and a constant connection. Bluetooth classic supports up to three simultaneous audio devices connected to a computer or phone, or a combination of data and one or two audio devices. Bluetooth classic can operate at (virtually) the same time as BLE in most devices. This means that a phone can be connected to a headset at the same time as it is connected to many BLE devices. An example is that a phone can be connected to diabetes devices such as a glucometer and insulin pump at the same time as the user is making a phone call with a headset.

80. What are some Bluetooth-specific security considerations?

The most vulnerable state for a Bluetooth network is during the pairing process, which is used to establish a connection. Understand how pairing is completed and its requirements to ensure pairing is done securely. Legacy pairing, typically requiring the user to enter a 4-digit PIN, has been deprecated and should not be used.

The current pairing process has four methods of pairing to support different user interfaces, and some are more robust than others. Bluetooth security and privacy features are optional features in the specification, but may be required for medical device security. The manufacturer should be able to describe why the implemented security, privacy features, and pairing process are appropriate for the device.
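
How the user interface on each device determines the pairing method (questions 74 and 80) is shown below as an added example that is not part of the original FAQ. The capability and method names come from the Bluetooth Core Specification's LE Secure Connections pairing rules rather than from this document, and the device inventory is constructed.

```python
# Added example (not from the original FAQ or any vendor). IO capability and
# method names are taken from the Bluetooth Core Specification (LE Secure
# Connections); the device inventory below is constructed.

IO_CAPS = {"DisplayOnly", "DisplayYesNo", "KeyboardOnly",
           "NoInputNoOutput", "KeyboardDisplay"}
# Methods in which the user confirms or enters a value, giving MITM protection.
# Out of Band is only as strong as the out-of-band channel, so it is not listed.
AUTHENTICATED = {"Numeric Comparison", "Passkey Entry"}


def association_model(initiator, responder, mitm_requested=True, oob=False):
    """Pairing method that results from the two devices' IO capabilities.

    mitm_requested: True if either device asks for MITM protection.
    oob: True if out-of-band pairing data (e.g. over NFC) is available.
    """
    for cap in (initiator, responder):
        if cap not in IO_CAPS:
            raise ValueError(f"unknown IO capability: {cap}")
    if oob:
        return "Out of Band"
    if not mitm_requested:
        return "Just Works"
    caps = {initiator, responder}
    if "NoInputNoOutput" in caps:
        return "Just Works"
    if caps <= {"DisplayYesNo", "KeyboardDisplay"}:
        return "Numeric Comparison"
    if caps <= {"DisplayOnly", "DisplayYesNo"}:   # nobody can type a passkey
        return "Just Works"
    return "Passkey Entry"


def audit(devices, phone_caps="KeyboardDisplay"):
    """Return (name, method) for devices whose pairing would be unauthenticated."""
    results = [(name, association_model(phone_caps, caps)) for name, caps in devices]
    return [(name, method) for name, method in results if method not in AUTHENTICATED]


# Constructed inventory: (device name, IO capability reported by the supplier)
INVENTORY = [("pulse-oximeter", "NoInputNoOutput"), ("infusion-pump", "DisplayYesNo"),
             ("glucometer", "DisplayOnly"), ("bedside-monitor", "KeyboardOnly")]

if __name__ == "__main__":
    for name, method in audit(INVENTORY):
        print(f"{name}: {method} (no MITM protection during pairing)")
```

Running the same audit with `phone_caps="DisplayOnly"` flags three of the four constructed devices, which shows that the capabilities of the connecting phone or gateway matter as much as those of the medical device.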

The manufacturer should describe specifically what Bluetooth features, including security modes, are supported in each device and how they can support the HDO’s HIPAA policies.

For more detail, including a complete Bluetooth security checklist, please read the NIST Guide to Bluetooth Security, which includes the following points. “Organizations should:

  • Use the strongest Bluetooth security mode that is available for their Bluetooth devices.
  • Address Bluetooth wireless technology in their security policies and change default settings of Bluetooth devices to reflect the policies.
  • Ensure that their Bluetooth users are made aware of their security-related responsibilities regarding Bluetooth use.”45

81. What are some security concerns for using BLE for wayfinding and patient engagement?

Wayfinding and other applications use BLE’s beacon advertising capability to broadcast data. The data can be numbers, clear text information, or encrypted information, and might include ePHI. Depending on the type of data being transmitted, certain security measures may be necessary to comply with the HDO’s HIPAA policy. The HDO should ask suppliers to disclose what is being transmitted and how/whether it is being protected, then determine whether this complies with the HDO’s HIPAA policy.