Bluetooth Security
Bluetooth has the following potential security risks:
- Bluetooth is designed to run over a short-range wireless peer-to-peer network. If one or more devices are used as gateways to other networks, and if the security of Bluetooth is compromised, it could expose the device or its attached networks.
- Bluetooth supports third party extensions. If these extensions do not use proper security and authentication procedures, they could compromise the security of a device or local network.
The security model of Bluetooth is based on and enforced by two measures:
- Authentication
- Link encryption
The following table shows the security modes and the combinations of security measures they enforce.
Mode | Description |
---|---|
Mode 1 | Devices operating in this mode do not implement security control. Any device in the area is able to pair with devices operating in this mode. |
Mode 2 | Devices operating in this mode enforce service level security by a combination of authorization and authentication scheme at the L2CAP layer and above. |
Mode 3 | Devices operating in this mode enforce link encryption at the LMP layer. Microsoft® Windows® CE .NET implements support for mode 3 security. The following new Winsock options are added to provide such support: For more information about the new Winsock options, see Winsock Extensions. |
Best Practices
Security level
It is recommended that you enforce at least security mode 3.
Use a long passkey number and do not perform a pairing procedure in public
Using a long passkey prevents the correct link key from being easily computed. Do not perform pairing in public places, where an attacker can eavesdrop on the pairing procedure and record all communications between the devices. An attacker can also obtain the passkey and link key by initiating a key exchange with a victim device.
Restrict access to trusted devices
Restricting access to trusted devices provides security. Trusted devices are devices that have fixed, or paired, relationships and that have access to services.
Passkey changes should only be possible over an authenticated or encrypted connection
The headset implementation should ensure that changes to the Bluetooth passkey are only possible over an authenticated and encrypted wired connection or Bluetooth link. Use randomly generated initial passkey values that are unique for each headset. The headset should also use a combination key for its connections. The combination keys should be stored in non-volatile memory.
Only pair a data terminal with a gateway when both are explicitly set into pairing mode
Pairing a data terminal and gateway should only be possible if the user explicitly sets the data terminal and gateway into pairing mode. Perform the pairing according to the Bluetooth Baseband specification. The user should be aware that during the pairing procedure, the initial exchange of keys is the weakest part of the security procedure because non-encrypted channels are used. To minimize the risk of eavesdropping during the communication, the data terminal and gateway should use long and random Bluetooth passkey values.
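The passkey guidance above (long, random, unique for each device) as an added Python example; it is not Microsoft's code and not part of the original page. The 12-digit minimum, the sample list of factory defaults and the function names are assumptions made for illustration.

```python
import math
import secrets

MAX_DIGITS = 16   # legacy Bluetooth pairing accepts a PIN of at most 16 octets
MIN_DIGITS = 12   # assumed local policy for "long"; the page gives no number
# Constructed sample of easily guessed factory defaults (assumption, not from the page).
FACTORY_DEFAULTS = {"0000", "1111", "1234", "8888"}

def entropy_bits(digits):
    """Bits of search space for a uniformly random numeric passkey."""
    return digits * math.log2(10)

def audit_passkey(passkey, already_issued=()):
    """Return a list of policy violations; an empty list means acceptable."""
    if not (passkey.isascii() and passkey.isdigit()):
        return ["non-numeric"]
    problems = []
    if len(passkey) < MIN_DIGITS:
        problems.append("too-short")
    if len(passkey) > MAX_DIGITS:
        problems.append("too-long")
    if passkey in FACTORY_DEFAULTS:
        problems.append("factory-default")
    # One constant step between digits (0, +1 or -1 mod 10): 7777..., 1234..., 9876...
    steps = {(int(b) - int(a)) % 10 for a, b in zip(passkey, passkey[1:])}
    if len(steps) == 1 and steps <= {0, 1, 9}:
        problems.append("predictable-pattern")
    if passkey in already_issued:
        problems.append("reused")
    return problems

def generate_passkey(digits=MAX_DIGITS):
    """Draw a passkey from the OS CSPRNG (never a serial number or a clock value)."""
    if not MIN_DIGITS <= digits <= MAX_DIGITS:
        raise ValueError("digits outside policy range")
    return "".join(secrets.choice("0123456789") for _ in range(digits))

def provision(serials):
    """Assign each device serial its own passkey, retrying on any audit failure."""
    issued = {}
    for serial in serials:
        passkey = generate_passkey()
        while audit_passkey(passkey, issued.values()):
            passkey = generate_passkey()
        issued[serial] = passkey
    return issued
```

A 4-digit passkey gives about 13 bits of search space and a 16-digit one about 53 bits, which is the difference the "long passkey" advice is pointing at.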
Put your device into a connection mode that has a security infrastructure
Put your device into a connection mode that uses a key derived during bonding for only one session and then deletes it.
Default Registry Settings
You should be aware of the registry settings that impact security. If a value has security implications, you will find a Security Note in the registry settings documentation.
For Bluetooth registry information, see Bluetooth Registry Settings.
Ports
No specific ports are used for Bluetooth.
Last updated on Thursday, April 08, 2004
© 1992-2003 Microsoft Corporation. All rights reserved.