It's no secret that Bluetooth devices have been one more security headache. Missing or incorrect configuration has left laptops and handheld devices open to attack in the office and in public places. One reason for the weak security was the difficulty ordinary users had in managing it. This may soon be a problem whose time has passed.
The Bluetooth Special Interest Group (SIG) announced on March 27 that a new specification will soon be released. The specification, called Bluetooth Core Specification Version 2.1 + EDR (Enhanced Data Rate), will not only improve security; it is also a step closer to high-speed connectivity, and it reduces power consumption by up to a factor of 5.
Security is enhanced through improved pairing technology. Pairing two Bluetooth devices with the new specification is as easy as turning them on. They automatically identify and connect to each other while creating a 16-character alphanumeric code for encryption, all without user intervention. Further, man-in-the-middle attacks can be thwarted by using a 6-digit passkey that the initiating device provides and that users use to verify control of the connected devices.
According to the SIG, all Bluetooth Version 2.1 + EDR capable devices will be backward compatible with existing Bluetooth devices. The difference will be that the new pairing technology cannot be used with those existing devices.
Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be published in Q1/2013). Before joining the private sector, he served 10 years in the United States Army Military Police with four years as a military police investigator. He has an MBA and CISSP certification. He is also an online instructor for the University of Phoenix.