Bluetooth Security

Bluetooth has the following potential security risks:

  • Bluetooth is designed to run over a short-range wireless peer-to-peer network. If one or more devices are used as gateways to other networks, and if the security of Bluetooth is compromised, it could expose the device or its attached networks.
  • Bluetooth supports third-party extensions. If these extensions do not use proper security and authentication procedures, they could compromise the security of a device or local network.

The security model of Bluetooth is based on and enforced by two measures:

  • Authentication
  • Link encryption

The following table shows the security modes and the combinations of security measures they enforce.

| Mode | Description |
|------|-------------|
| Mode 1 | Devices operating in this mode do not implement security control. Any device in the area is able to pair with devices operating in this mode. |
| Mode 2 | Devices operating in this mode enforce service-level security by a combination of authorization and authentication schemes at the L2CAP layer and above. |
| Mode 3 | Devices operating in this mode enforce link encryption at the LMP layer. |

Microsoft® Windows® CE .NET implements support for mode 3 security. The following new Winsock options are added to provide such support:

  • SO_BTH_AUTHENTICATE
  • SO_BTH_ENCRYPT
  • SO_BTH_SET_PIN
  • SO_BTH_SET_LINK
  • SO_BTH_GET_LINK

For more information about the new Winsock options, see Winsock Extensions.
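The following is an added example, not code from the original documentation: one way to request authentication and encryption on a Bluetooth socket with SO_BTH_AUTHENTICATE and SO_BTH_ENCRYPT, and to refuse to continue if either is rejected. It assumes the options are set at the SOL_RFCOMM level with an int value before the socket connects or listens; bt_require_mode3, bt_setopt and the off-device stand-in are hypothetical names.

```c
/* Added example: fail-closed setup of link authentication and encryption. */
#ifdef _WIN32_WCE
#include <winsock2.h>
#include <ws2bth.h>   /* SOL_RFCOMM, SO_BTH_AUTHENTICATE, SO_BTH_ENCRYPT */
/* Assumption: both options take an int value at the SOL_RFCOMM level. */
#define bt_setopt(s, o, v) \
    setsockopt((s), SOL_RFCOMM, (o), (const char *)(v), sizeof(int))
#else
/* Off-device stand-in (constructed): a fake stack that records which
   options were accepted, so the logic can be exercised on a build host.
   The numeric values are placeholders, not the real constants. */
typedef int SOCKET;
enum { SO_BTH_AUTHENTICATE = 1, SO_BTH_ENCRYPT = 2 };
static int bt_refuse = 0;   /* option the fake stack rejects, 0 = none */
static int bt_granted = 0;  /* bitmask of options accepted so far */
static int bt_setopt(SOCKET s, int opt, const int *v)
{
    (void)s;
    if (opt == bt_refuse || *v == 0)
        return -1;
    bt_granted |= opt;
    return 0;
}
#endif

/* Call on a socket that is not yet connected or listening, so that the
   link is authenticated and encrypted when the connection is made.
   Returns 0 only if both protections were accepted; on any other value
   the caller should close the socket instead of falling back to an
   unprotected link. */
int bt_require_mode3(SOCKET s)
{
    int on = 1;

    if (bt_setopt(s, SO_BTH_AUTHENTICATE, &on) != 0)
        return -1;          /* authentication refused */
    if (bt_setopt(s, SO_BTH_ENCRYPT, &on) != 0)
        return -2;          /* encryption refused */
    return 0;
}
```
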

Best Practices

Security level

Enforce security mode 3 at a minimum.

Use a long passkey number and do not perform a pairing procedure in public

Using a long passkey prevents the correct link key from being easily computed. Do not pair in public places, where an attacker can eavesdrop on the pairing exchange and record all communications between the devices. An attacker can also obtain the passkey and link key by initiating a key exchange with a victim device.

Restrict access to trusted devices

Grant access to services only to trusted devices. Trusted devices are devices that have fixed, or paired, relationships and that have access to services.

Passkey changes should only be possible over an authenticated or encrypted connection

The headset implementation should ensure that changes to the Bluetooth passkey are only possible over an authenticated and encrypted wired connection or Bluetooth link. Use randomly generated initial passkey values that are unique for each headset. The headset should also use a combination key for its connections. The combination keys should be stored in non-volatile memory.

Only pair a data terminal with a gateway when both are explicitly set into pairing mode

Pairing a data terminal and gateway should only be possible if the user explicitly sets the data terminal and gateway into pairing mode. Perform the pairing according to the Bluetooth Baseband specification. The user should be aware that during the pairing procedure, the initial exchange of keys is the weakest part of the security procedure because non-encrypted channels are used. To minimize the risk of eavesdropping during the communication, the data terminal and gateway should use long and random Bluetooth passkey values.

Put your device into a connection mode that has a security infrastructure

Put your device into a connection mode that uses a key derived during bonding for only one session and then deletes it.

Default Registry Settings

You should be aware of the registry settings that impact security. If a value has security implications, you will find a Security Note in the registry settings documentation.

For Bluetooth registry information, see Bluetooth Registry Settings.

Ports

No specific ports are used for Bluetooth.

See Also

Bluetooth

 Last updated on Thursday, April 08, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.