Q

Can you tell me about security in Bluetooth technology?

The Bluetooth specification defines two optional security modes: one that secures the entire connection, and another that enforces policies defined for individual applications that might use the link. When Bluetooth security is enabled, devices authenticate by sending challenge-response messages that demonstrate possession of a static device PIN. During authentication, an encryption key is derived to scramble data sent over the resulting connection.

Unfortunately, standard Bluetooth security is comparatively weak. Both the device PIN and encryption keys are variable length, and their minimum lengths are too short to prevent cracking. Static device PINs and key inputs mean that compromised values remain in use for a long time. Connections can also be hijacked when Bluetooth is used with one-way authentication – for example, when the PDA authenticates itself, but the desktop or phone it connects to does not.

When using Bluetooth, the best answer is to stay at least 30 feet away from public areas where eavesdroppers hang out. If that's not realistic, use the longest possible Bluetooth PINs and encryption keys, choose random PIN values, avoid saving your PIN on your device, and use two-way authentication whenever you can. Beware that device support for Bluetooth security does vary, so read product specs before you buy to make sure these security options are present and turn them on. These Bluetooth security measures can deter casual attackers, but to defeat motivated attackers, you'll need higher-layer security measures.

This was first published in September 2004
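
The challenge-response exchange and the difference between one-way and two-way authentication described in the answer above, as an added example that is not part of the original answer. HMAC-SHA256 stands in for Bluetooth's own authentication function, and the function names and PIN values are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import NamedTuple

class Outcome(NamedTuple):
    initiator_proved: bool    # peer saw a valid response from the initiator
    peer_verified: bool       # initiator saw a valid response from the peer
    initiator_proceeds: bool  # initiator goes on to send data over the link

def prove(pin: bytes, challenge: bytes) -> bytes:
    """Claimant: demonstrate possession of the PIN without transmitting it."""
    # Assumption: HMAC-SHA256 is a stand-in, not Bluetooth's own algorithm.
    return hmac.new(pin, challenge, hashlib.sha256).digest()

def check(pin: bytes, challenge: bytes, response: bytes) -> bool:
    """Verifier: recompute the expected response, compare in constant time."""
    return hmac.compare_digest(prove(pin, challenge), response)

def connect(initiator_pin: bytes, peer_pin: bytes, mutual: bool) -> Outcome:
    """Model one connection attempt from the initiator's point of view."""
    # Leg 1: the peer challenges the initiator (for example, the PDA).
    c1 = secrets.token_bytes(16)  # fresh random challenge per attempt
    initiator_proved = check(peer_pin, c1, prove(initiator_pin, c1))
    if not mutual:
        # One-way: the initiator never challenges the peer, so it proceeds
        # without any evidence that the peer knows the PIN.
        return Outcome(initiator_proved, False, True)
    # Leg 2: roles swap and the initiator challenges the peer.
    c2 = secrets.token_bytes(16)
    peer_verified = check(initiator_pin, c2, prove(peer_pin, c2))
    return Outcome(initiator_proved, peer_verified, peer_verified)

# Constructed sample values, not taken from any real device.
PDA_PIN = b"constructed-pin1"
WRONG_PIN = b"0000"

if __name__ == "__main__":
    cases = [
        ("legitimate peer, two-way", PDA_PIN, True),
        ("peer without the PIN, one-way", WRONG_PIN, False),
        ("peer without the PIN, two-way", WRONG_PIN, True),
    ]
    for label, peer_pin, mutual in cases:
        print(f"{label}: {connect(PDA_PIN, peer_pin, mutual)}")
```

With one-way authentication the initiator proceeds even though the peer never showed knowledge of the PIN; with two-way authentication the same peer is rejected.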
