Bluetooth Crash Course
Before diving into the current threats to Bluetooth security, we need to first examine how Bluetooth works. WiFi was designed as a wireless LAN protocol; it allows for many computers to be connected to a single network and in general is architected much like a standard wired network. Bluetooth, even though it can be used for network access, is not intended as a LAN technology. Bluetooth’s primary goal is to replace your drawer full of short-range cables.
Just like some versions of WiFi, Bluetooth operates in the 2.4 GHz range, an unlicensed band with relatively few restrictions on use and power for devices in that frequency. Because many Bluetooth devices are battery operated, transmissions are generally low-power (1–10 milliwatts) and are only usable at a range of up to 10 meters. Also, unlike the bus architecture of Ethernet networks, Bluetooth networks form in a master/slave architecture. A single Bluetooth network, called a piconet, may have up to seven slave devices attached to one master.
When two Bluetooth devices try to talk to each other for the first time, one device must discover the other device. A Bluetooth device sends a query looking for other nearby Bluetooth devices. If a device is in Discoverable mode, it will respond to such a query with a message saying, basically, "I’m here, and this is my MAC address and device name." If the device is not in Discoverable mode, however, it will just sit silently.
Once two devices have found each other, they may go through an optional process called pairing. Pairing is the way in which Bluetooth devices form a trust relationship. When pairing occurs, the devices verify that each knows a PIN (usually entered by the user) and then they exchange cryptographic key material. These keys are used to secure future communications between the two devices. Generally a user will pair devices that he or she will be using all the time and trust to be secure, such as a headset or a phone. For other types of connections, say transferring an electronic business card, there would be no pairing, because you wouldn’t necessarily trust the person from whom you’re getting the card, and there’s no reason to exchange the card via a secure channel.
Finally, once two devices are talking to each other, they may use a Bluetooth profile for their communication. A profile is basically a structured way to access a device of a particular type. For instance, manufacturers can implement a keyboard profile in their keyboards; any computer that knows the keyboard profile can use any keyboard implementing that particular profile. Unfortunately, profiles can cause confusion. As an example, there’s a headset profile and a hands-free profile. These are different profiles that accomplish basically the same thing: providing a means to have a wearable speaker and microphone. From the user’s perspective, these types of devices all look like headphones, and there’s no visual way to tell which of the profiles the device implements—potentially even both profiles. But if you own an earbud that implements only the hands-free profile and your phone only understands the headset profile, you’re out of luck.