Avoid Pairing In A Public Location

Bluetooth wireless technology is a short-range communications technology intended to replace the cables connecting portable and/or fixed devices while maintaining high levels of security. The key features of Bluetooth technology are robustness, low power, and low cost. The Bluetooth specification defines a uniform structure for a wide range of devices to connect and communicate with each other.

Bluetooth technology has achieved global acceptance such that any Bluetooth enabled device, almost everywhere in the world, can connect to other Bluetooth enabled devices in proximity. Bluetooth enabled electronic devices connect and communicate wirelessly through short-range, ad hoc networks known as piconets. Each device can simultaneously communicate with up to seven other devices within a single piconet. Each device can also belong to several piconets simultaneously. Piconets are established dynamically and automatically as Bluetooth enabled devices enter and leave radio proximity.

A fundamental strength of Bluetooth wireless technology is its ability to handle data and voice transmissions simultaneously. This enables users to enjoy a variety of innovative solutions, such as a hands-free headset for voice calls, printing and fax capabilities, and synchronizing PDA, laptop, and mobile phone applications, to name a few.

But Bluetooth technology has raised some security and privacy concerns. To learn more about them, i.e. about bluejacking, bluebugging, bluesnarfing and related issues, visit the security section of the official Bluetooth SIG (Special Interest Group) web site.

That is one side of the medal. There are many papers that describe how pairing in a public location potentially introduces a security risk.

Pairing in a public place, such as a point of sale, is discouraged when using the pairing procedure from the Bluetooth Baseband specification, as there is much greater risk that a subversive unit may intercept the keys. Note that such risk only occurs if a low-entropy Bluetooth passkey value is used.

For the highest level of security when using the pairing procedure from the Bluetooth Baseband specification, random long Bluetooth passkey values must be used. The maximum (useful) length of a passkey is 128 bits. An alternative approach for secure pairing is to provide a physical serial port interface between the Audio Gateway (AG) and the Headset (HS) to transfer sufficiently strong link keys directly.
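The passkey advice above can be checked mechanically. The following is an added example, not part of the original post: it generates a random 128-bit passkey and computes an upper bound on the entropy of a candidate passkey. The function names, the character classes and the 128-bit default threshold are assumptions made for illustration.

```python
import math
import secrets
import string

MAX_PASSKEY_BYTES = 16  # 128 bits: the maximum useful passkey length

# Character classes used for the estimate (an assumption of this example).
DIGITS = set(b"0123456789")
ALNUM = set((string.ascii_letters + string.digits).encode())
PRINTABLE = set(range(0x20, 0x7F))  # the 95 printable ASCII characters


def generate_passkey() -> bytes:
    """Return a uniformly random 128-bit passkey from the OS CSPRNG."""
    return secrets.token_bytes(MAX_PASSKEY_BYTES)


def entropy_upper_bound_bits(passkey: bytes) -> float:
    """Upper bound on entropy: assumes every byte was chosen uniformly
    from the smallest character class that covers the whole passkey.
    Human-chosen values such as "0000" are far weaker than this bound."""
    used = passkey[:MAX_PASSKEY_BYTES]  # bytes past 128 bits add nothing
    if not used:
        return 0.0
    if all(b in DIGITS for b in used):
        alphabet = 10
    elif all(b in ALNUM for b in used):
        alphabet = 62
    elif all(b in PRINTABLE for b in used):
        alphabet = 95
    else:
        alphabet = 256
    return len(used) * math.log2(alphabet)


def audit_passkey(passkey: bytes, min_bits: float = 128.0):
    """Return (entropy bound in bits, True if it meets min_bits).
    The default threshold is this example's policy choice."""
    bits = entropy_upper_bound_bits(passkey)
    return bits, bits >= min_bits


if __name__ == "__main__":
    # Constructed sample passkeys, not taken from any real device.
    for sample in (b"0000", b"1234567890123456", generate_passkey()):
        bits, ok = audit_passkey(sample)
        print(f"{sample!r}: <= {bits:.1f} bits, {'ok' if ok else 'too weak'}")
```

A four-digit PIN is bounded at about 13 bits and a 16-digit PIN at about 53 bits, so only passkeys that use the full byte range reach 128 bits.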

Read this and this.
