Understanding Headset Security
What are your key considerations when selecting a Bluetooth headset? For most buyers, it’s either acoustics, comfort, form factor, features, aesthetics, connection style, or compatibility with applications and devices. However, one critical element not too many buyers stop to consider is what kind of security features, if any, are on the headset. For example, 85%[1] of users feel Bluetooth provides secure communications, but in today’s increasingly IoT world, threats are more sophisticated. Most people consider headsets to be basic devices that provide nice features and connect to our smartphones or laptops; however, they actually play an integral part in providing secure and reliable communications. Like other smart devices, most modern headsets run complex software, leaving them vulnerable to attacks if they are not secured properly, especially with the amount of data moving between the paired devices. Headset Security
We have all seen users put a piece of tape to cover their webcam, or maybe you have even done that yourself. More cautious users also worry about their devices’ microphones being hacked. Headsets can also be hacked to perform unintended operations like volume changes and skipping tracks to more serious attacks like recording your audio and theft of personal information.
Critical Vulnerabilities in Bluetooth Security
Recently a team of researchers exposed a vulnerability in older Bluetooth chips, called the KNOB attack. Without getting too technical, this vulnerability tricks the receiving device to negotiate a much lower level of security. Generally, Bluetooth connections and exchanges are encrypted and although it takes trillions of tries to crack a 128bit key by brute force, it might take only a few seconds if a shorter key is negotiated. Resulting in an attacker being able to hack the connection and eavesdrop.
Cisco Headsets — Laying New Foundations for Headset Security
Today, Cisco Headsets are deployed in government, healthcare, financial, and legal organizations that have some of the most stringent privacy and security policies. However, due to outstanding security threats, Bluetooth headsets have yet to be adopted in corporations and Federal agencies that handle classified information. Demand for wireless devices are growing at fast rate in this sector and these agencies are turning to Cisco to build Bluetooth headsets that have the highest level of security requirements and features in the market today (e.g. restricting pairing to only devices provided by employer or requiring a unique pin to pair to devices).
“What caught my attention on Cisco Headsets are the advanced security features and, more importantly, the backend administration capabilities. The work the Cisco team is doing will help lead the adoption of Bluetooth headsets especially by security accreditors who are familiar with Cisco’s security on their phones and other access points.”
– Sr Technical Advisor, US Federal
Security was built in at the core of the Cisco Headset 730, our premium Bluetooth headset. In today’s world, threats are constantly evolving, and we are continually investing to keep help keep communications secure. All our products go through the Cisco Secure Development Lifecycle (CSDL), which is an independent entity that applies industry-leading practices and technology at every stage of the development process to build trustworthy solutions and acts as a security gate before any product goes to market. The development of Headset 730 was no different as it has industry-first, enterprise-grade hardware and software protection through secure boot and image authentication.
Inherent Security of Software
Headset firmware is encrypted by Cisco with AES 128 bit key and only verified images can be installed. There is also no provision to bypass this protection. This ensures the integrity of the firmware and minimizes the possibility of any malicious code installation.
Protection Against Physical Hacking
Apart from verifying the installed firmware, the Headset 730 is also validated at every single boot process using its AES-CCM digest. This ensures the device is authentic and unmodified even if adversaries get physical access to the device. This feature is also enabled by default and there is no provision to bypass or disable.
Intelligent and Integrated Headset Management
Ensuring your headset is running on the most recent firmware will help you have the highest level of protection against attacks. The most vulnerable people, who deal with sensitive information, are often the ones who don’t have the time to manage or upgrade their headsets. With Cisco’s integrated management features, headsets can be deployed, configured, and monitored hassle-free by IT admins helping ensure the headset firmware is up to date…no required action by the end-user.
Cisco is laying a new foundation for headset security and we are continually investing in it as security risks are always evolving in today’s modern world. Our vision is to build enterprise-grade unified communication headsets that have the latest technology, modern form factor, and help provide trusted and secure communications that can be used in any environment or industry.
To help find the right business headset for you, read our eBook here.
Reference
[1] Cisco’s “Business Headsets” survey 2019, global data
Learn More