Unfortunately, standard Bluetooth security is comparatively weak. Both the device PIN and encryption keys are variable length, and their minimum lengths are too short to prevent cracking. Static device PINs and key inputs mean that compromised values remain in use for a long time. Connections can also be hijacked when Bluetooth is used with one-way authentication – for example, when the PDA authenticates itself, but the desktop or phone it connects to does not.
When using Bluetooth, the best defense is to stay at least 30 feet away from public areas where eavesdroppers hang out. If that's not realistic, use the longest possible Bluetooth PINs and encryption keys, choose random PIN values, avoid saving your PIN on your device, and use two-way authentication whenever you can. Be aware that device support for Bluetooth security varies, so read product specs before you buy to make sure these security options are present, and turn them on once you have the device. These Bluetooth security measures can deter casual attackers, but to defeat motivated attackers, you'll need higher-layer security measures.
This was first published in September 2004.