Security of Bluetooth Devices

Recently there has been confusion surrounding security and Bluetooth wireless technology. These have typically involved mobile phones. How these issues apply to other classes of devices has not been discussed. I’d like to do that here. To the best of my knowledge, the encryption algorithm in the Bluetooth specifications has not been compromised. As such, once paired, the communication between Bluetooth devices is secure. This includes devices such as mice and keyboards connecting to a PC, a mobile phone synchronizing with a PC, and a PDA using a mobile phone as a modem to name just a few of the many other use cases.

Cases where data has been compromised on mobile phones are the result of implementation issues on that platform. The Bluetooth SIG diligently works with our members to investigate any issues that are reported to understand the root cause of the issue. If it is a specification issue, we work with the membership to address that issue in the specification. If it is an implementation issue, we work with the membership to get patches out and ensure future devices don’t suffer from the same vulnerability. This is an on-going process.

The Bluetooth SIG has published in the roadmap for the advancement of Bluetooth wireless technology security and privacy enhancements. These strengthen the pairing process; ensure privacy; as well as eliminating a brute force attack against non-discoverable devices. If any new vulnerabilities are discovered, these will be addressed in the roadmap.