Bluetooth technology, named for a Danish King, was initially developed and conceived by the Ericsson company to be a cable replacement technology. Bluetooth is considered to be a WPAN technology; WPAN stands for Wireless Personal Area Network and is implemented most often in the use of cellular phones, PDAs, and smart phones, but it has begun to be used in laptops, keyboards, mice, and printers, as well as Wi-Fi wireless networks. Bluetooth operates by using small low power radio transmitters similar to miniature short wave radios.
Due to the nature of easy connections between Bluetooth devices security issues can arise. The most basic setting is an open or no security setting which allows a device to connect to any known Bluetooth device in its vicinity. Any Bluetooth device can connect to a Bluetooth device set to open security. Although it should be noted that Bluetooth is a very short distance communication technology and a connecting device will need to be in close proximity to do so. Protection at the service level, or security mode 2, means that the Bluetooth device will not connect unless it receives or sends a connection request. The security procedures are implemented after the request is made; a password or pin number is used after the request is made and received. In Bluetooth security mode 3, security is enabled prior to making a connection. In other words, the pin needs to be given and approved before the connection request is made.
Security encryption is based on a pin code from a minimum of 8 bits to a maximum of 128 bits and is considered to be completely secure. The security threats individuals speak of lay in the implementation of the pin code itself. As with all passwords and pin codes the complexity of the code determines its security. As a basic rule of thumb the security password bit length is determined by the manufacturer and unfortunately is not standardized yet, but a strong Bluetooth pin code should be at least thirteen digits and incorporate both alpha and numeric characters in the very least.
A few holes are said to exist in the security pin code implementation and connection protocols for Bluetooth. A set device address is used for a Bluetooth device, which at first seems to be a good measure, but when paired with two other devices, named 2 and 3, issues can arise. Device 2 can connect using device 1's pin. Then device 3 may connect to device 1 using the same pin and be able to pose to device 2 as device 1 and share its resources and data.
Each of the devices, 1, 2, and 3 will know the dedicated Bluetooth address of each of the devices connected in this particular WPAN creating a slew of possible security threats. This "posing" as another Bluetooth device is extremely hard to track using current Bluetooth security and the use of a common pin code, namely 0000. This accounts for approximately forty percent of Bluetooth cell phones in the US alone. In some instances a hacker can gain access to the cellular phone and make calls from it; this creates even more problems because at this point the attacker does not have to remain in Bluetooth range and can use the hijacked phone from anywhere. Several terms used in describing these security holes are Bluesnarfing, Bluebugging, and Bluejacking. Bluetooth communication is being adopted as the next generation of wireless communications but it needs serious work to improve the existing security protocols.