Bluetooth SIG Shop | Bluetooth.org
Select Language
Search Site
Go Search
 
 

Security

Other Resources


Tips to protect your data

Non-Discoverable Mode

To prevent others from seeing your device, you can set it to a non-discoverable mode. You can still use your Bluetooth services, like talking on a headset, but your device will not be found by other Bluetooth devices.

Only Pair with Known Devices

Don't "pair" with unknown devices. Just like you would not open your door to a stranger, do not accept content or pair with devices from unknown users.

Change your PIN

Pair your device in private to make the permanent connection. And if your device comes with a default Personal Identification Number (PIN), change it to only one you know.



Today's wireless world means that data is being sent invisibly from device to device and person to person. This data, in the form of emails, photos, contacts, addresses and more needs to be sent securely.

Bluetooth wireless technology has, from its inception, put an emphasis on security while making connections among devices.

The Bluetooth Special Interest Group (SIG), made up of more than 8,000 members, has a Security Expert Group. It includes engineers from its member companies who provide critical security information and requirements as the Bluetooth wireless specification evolves.

Implementing Security

Developers that use Bluetooth wireless technology in their products have several options for implementing security. And there are three modes of security for Bluetooth access between two devices.
  • Security Mode 1: non-secure
  • Security Mode 2: service level enforced security
  • Security Mode 3: link level enforced security

The manufacturer of each product determines these security modes. Devices and services have different security levels. For devices, there are two levels: "trusted device" and "untrusted device." A trusted device has already been paired with one of your other devices, and has unrestricted access to all services.

Services have three security levels:

  • Services that require authorization and authentication
  • Services that require authentication only
  • Services that are open to all devices

Misinformation Surrounding Security

There has been some confusion and misinformation surrounding security and Bluetooth wireless technology.

The reality is the encryption algorithm in the Bluetooth specifications is secure. This includes not just mobile phones that use Bluetooth technology, but also devices such as mice and keyboards connecting to a PC, a mobile phone synchronizing with a PC, and a PDA using a mobile phone as a modem, to name a few of the many use cases.

Cases where data has been compromised on mobile phones are the result of implementation issues. The Bluetooth SIG diligently works with members to investigate any issues that are reported to understand the root cause of the issue.

If it is a specification issue, we work with members to create patches and ensure future devices don't suffer the same vulnerability. This is an on-going process. The recently reported issues of advanced "hackers" gaining access to information stored on select mobile phones using Bluetooth functionality are due to incorrect implementation.

The names bluesnarfing and bluebugging have been given to these methods of illegal and improper access to information. The questions and answers on this page provide you with more information and address concerns for dealing with these security risks.

© 2010 Bluetooth SIG, Inc. All rights reserved. legal | privacy policy