Can you tell me about security in Bluetooth technology?

The Bluetooth specification defines two optional security modes: one that secures the entire connection, and another that enforces policies defined for individual applications that might use the link. When Bluetooth security is enabled, devices authenticate by sending challenge-response messages that demonstrate possession of a static device PIN. During authentication, an encryption key is derived to scramble data sent over the resulting connection.

Unfortunately, standard Bluetooth security is comparatively weak. Both the device PIN and encryption keys are variable length, and their minimum lengths are too short to prevent cracking. Static device PINs and key inputs mean that compromised values remain in use for a long time. Connections can also be hijacked when Bluetooth is used with one-way authentication – for example, when the PDA authenticates itself, but the desktop or phone it connects to does not.

When using Bluetooth, the best answer is to stay at least 30 feet away from public areas where eavesdroppers hang out. If that's not realistic, use the longest possible Bluetooth PINs and encryption keys, choose random PIN values, avoid saving your PIN on your device, and use two-way authentication whenever you can. Beware that device support for Bluetooth security does vary, so read product specs before you buy to make sure these security options are present and turn them on. These Bluetooth security measures can deter casual attackers, but to defeat motivated attackers, you'll need higher-layer security measures.
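The PIN advice above can be turned into a simple policy check. The following Python sketch is an added example, not part of the original answer: it flags short, default or patterned PINs and generates a random one of maximum length. The 16-character maximum reflects legacy Bluetooth pairing; the alphanumeric alphabet, the 48-bit threshold and the list of common PINs are assumptions chosen for illustration.

```python
import math
import secrets
import string

MAX_PIN_LEN = 16  # assumption: legacy Bluetooth PINs are 1 to 16 characters
ALPHABET = string.ascii_letters + string.digits  # assumption: device accepts alphanumerics
COMMON_PINS = {"0000", "1111", "1234", "12345", "123456"}  # constructed sample list
MIN_BITS = 48.0  # hypothetical policy threshold, not taken from the page


def search_space_bits(pin: str) -> float:
    """Upper bound on guessing effort in bits, assuming the PIN was chosen at random."""
    if pin.isdigit():
        symbols = 10
    elif pin.isalnum():
        symbols = 62
    else:
        symbols = 95  # printable ASCII
    return len(pin) * math.log2(symbols)


def audit_pin(pin: str, min_bits: float = MIN_BITS) -> list[str]:
    """Return the reasons a PIN fails the policy; an empty list means it passes."""
    findings = []
    if not 1 <= len(pin) <= MAX_PIN_LEN:
        findings.append("length outside 1..16")
    if pin in COMMON_PINS:
        findings.append("well-known default")
    if len(set(pin)) == 1:
        findings.append("single repeated character")
    steps = {ord(b) - ord(a) for a, b in zip(pin, pin[1:])}
    if len(pin) > 1 and steps in ({1}, {-1}):
        findings.append("sequential characters")
    bits = search_space_bits(pin)
    if bits < min_bits:
        findings.append(f"search space only {bits:.1f} bits")
    return findings


def generate_pin(length: int = MAX_PIN_LEN, digits_only: bool = False) -> str:
    """Random PIN from the OS CSPRNG; use digits_only for numeric-keypad devices."""
    alphabet = string.digits if digits_only else ALPHABET
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ["0000", "1234", "84710263", generate_pin()]:
        print(candidate, audit_pin(candidate) or "ok")
```

A four-digit PIN gives about 13 bits of search space, while a random 16-digit PIN gives about 53 and a random 16-character alphanumeric PIN about 95.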
