Bluetooth® wireless technology provides an easy way for a wide range of Bluetooth® devices (BT devices) to communicate with each other and connect to the Internet without the need for wires, cables and connectors.
The Bluetooth® core specifications vl.1, published Feb. 22, 2001 by the Bluetooth® special interest group (SIG) and the Bluetooth® core specifications vl.2, published Nov. 5, 2003, provide various security procedures (pairing, authentication and encryption). An Authentication procedure is based on a challenge-response scheme. Successful calculation of the authentication response requires that two devices share a secret Link Key. This Link Key is created during a Pairing procedure. If at least one authentication has been performed, then encryption may be used.
The Bluetooth® vl.1 and vl.2 specifications include provisions for three discoverability modes: Non-Discoverable Mode, Limited Discoverable Mode and General Discoverable Mode. According to these specifications, a device is in one, and only one, discoverability mode at a time.
When a BT device is in Non-Discoverable Mode it does not respond to inquiry. A BT device is said to be discoverable when it is in Limited Discoverable Mode or General Discoverable Mode. Even when a BT device is discoverable, it may be unable to respond to inquiry due to other baseband activity. A BT device that does not respond to inquiry due to being in Non-Discoverable Mode or due to other baseband activity is called a silent device. In Limited Discoverable Mode, a BT device is visible to all other BT devices that are within range, but only for limited periods of time. In General Discoverable Mode, a BT device is visible to all other BT devices that are within range, continuously or for no specific condition.
Even when not discoverable, a BT device is visible to other BT devices and users that are familiar with its Bluetooth® device address. The Bluetooth® device address is a unique 48-bit device identifier, where three bytes of the address are assigned to a specific manufacturer by the Institute of Electrical and Electronics Engineers (IEEE), and the other three bytes are freely allocated by the manufacturer.
There are a greater number of security concerns when a BT device is discoverable. A non-exhaustive list of examples for the security concerns includes eavesdropping on the data transferred during the communication of two BT devices, and the ability to fully impersonate other BT devices.
Similar concerns may arise with devices compatible with other wireless communication protocols, a non-exhaustive list of examples for which includes ZigBee™, radio frequency identification (RFID), ultra wideband (UWB), IEEE 802.11, and various proprietary communication protocols.
It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity.