Guide to Bluetooth Security (Draft): Recommendations of the National Institute of Standards and Technology

"Bluetooth is an open standard for short-range radio frequency (RF) communication. Bluetooth technology is used primarily to establish wireless personal area networks (WPAN), commonly referred to as ad hoc or peer-to-peer (P2P) networks. Bluetooth technology has been integrated into many types of business and consumer devices, including cell phones, laptops, automobiles, printers, keyboards, mice, and headsets. This allows users to form ad hoc networks between a wide variety of devices to transfer voice and data. This document provides an overview of Bluetooth technology and discusses related security concerns. Several Bluetooth versions are currently in use in commercial devices. At the time of writing, Bluetooth 1.2 (adopted November 2003) and 2.0 + Enhanced Data Rate (EDR, adopted November 2004) are the most prevalent. Bluetooth 2.1 + EDR (adopted July 2007), which is quickly becoming the standard, provides significant security improvements for cryptographic key establishment in the form of Secure Simple Pairing (SSP). The most recent versions include Bluetooth 3.0 + High Speed (HS, adopted April 2009), which provides significant data rate improvements, and Bluetooth 4.0 Low Energy (LE, adopted June 2010), which supports smaller, resource-constrained devices and associated applications. This publication addresses the security of all these versions of Bluetooth. Bluetooth technology and associated devices are susceptible to general wireless networking threats, such as denial of service (DoS) attacks, eavesdropping, man-in-the-middle (MITM) attacks, message modification, and resource misappropriation. They are also threatened by more specific Bluetooth-related attacks that target known vulnerabilities in Bluetooth implementations and specifications. 
Attacks against improperly secured Bluetooth implementations can provide attackers with unauthorized access to sensitive information and unauthorized use of Bluetooth devices and other systems or networks to which the devices are connected."

Report Number:
National Institute of Standards and Technology: NIST Special Publication 800-121 Revision 1 (Draft)
Public Domain
Retrieved From:
Information Technology Laboratory (National Institute of Standards and Technology). Computer Security Division: http://csrc.nist.gov/
Media Type: