Bluetooth 4.0 and 4.1 had a broken key exchange that was vulnerable to both passive and active attacks [1]. This could be remedied by a custom in-band or out-of-band key exchange, but I think it was rare for device manufacturers to go to those lengths.
The key exchange vulnerability was addressed in Bluetooth 4.2, which implements ECDH and is at least theoretically secure. [2]
Basically Passkey Entry is broken so eavesdroppers can trivially learn the PIN. You must use a dynamic PIN (not always possible).
Oh and if you're thinking you can implement your own pairing method that is actually secure, via the Out-of-Band method, think again! Neither Android nor iOS support it.
programmarchy|9 years ago
The key exchange vulnerability was addressed in Bluetooth 4.2, which implements ECDH and is at least theoretically secure. [2]
[1] https://www.usenix.org/conference/woot13/workshop-program/pr...
[2] http://blog.bluetooth.com/everything-you-always-wanted-to-kn...
IshKebab|9 years ago
https://pomcor.com/2015/06/03/has-bluetooth-become-secure/
Basically Passkey Entry is broken so eavesdroppers can trivially learn the PIN. You must use a dynamic PIN (not always possible).
Oh and if you're thinking you can implement your own pairing method that is actually secure, via the Out-of-Band method, think again! Neither Android nor iOS support it.
digi_owl|9 years ago
MohammadLee|9 years ago
drewbug|9 years ago