Mobile Application Security : Bluetooth Security - Overview of the Technology

5/30/2011 5:28:34 PM
Bluetooth’s functionality and ubiquity on mobile devices provides some exciting opportunities for mobile application developers, but as is often the case with technology, as the use of Bluetooth has increased, so have related security problems. A variety of issues from weaknesses in the specifications to implementation flaws have put Bluetooth security in the news, with these security issues resulting in the loss of private data, eavesdropping, and unauthorized device control.

This article provides an introduction to Bluetooth’s operation and security characteristics. Common threats and security vulnerabilities are covered, as are recommendations for controlling the risk and increasing the security of Bluetooth-enabled devices and applications.

History and Standards

Bluetooth was originally conceived as an internal project at Ericsson Mobile Communications to create a wireless keyboard system. The technology proved to be useful for other objectives, and additional work was performed within Ericsson to apply the wireless connectivity to more generic purposes. To further the development and acceptance of the technology, the Bluetooth Special Interest Group (SIG) was formed in 1998 to help shepherd the emerging standard and promote the spread of Bluetooth to other practical applications (Bluetooth Security, p. 3). Since 1998, the Bluetooth SIG has administered and published the Bluetooth specifications and managed, marketed, and evangelized the technology.


The book Bluetooth Security (Artech House, 2004), by Christian Gehrmann, Joakim Persson, and Ben Smeets, is referenced numerous times in this chapter.

There have been a number of official specification releases by the SIG, starting with 1.0 and leading to the most recent version, 2.1, which was made official in July 2007. In addition to the management of the official specifications by the Bluetooth SIG, IEEE working group 802.15 is tasked with standards for wireless personal area networks (WPANs), which includes Bluetooth technology. IEEE project 802.15.1 is the WPAN standard based on Bluetooth’s specification (

Common Uses

Certainly Bluetooth has come a long way since its humble origins (and rather limited scope). In 2008, the number of Bluetooth devices in the market exceeded 2 billion, according to a May 2008 press release from the Bluetooth SIG. The variety of usage scenarios continues to expand, although mobile phone headsets are still the most common use. Other uses for Bluetooth technology include:

  • Wireless keyboard, mouse, and printer connectivity

  • Device synchronization (for example, PDA to desktop)

  • File transfer (for example, camera phone to desktop or photo printer)

  • Gaming console integration (including Nintendo Wii remotes and Sony PS3 headsets)

  • Tethering for Internet access (using a data-enabled mobile phone as a modem for Internet access from a laptop with Bluetooth providing inter device connectivity)

  • Hands-free and voice-activated mobile phone kits for cars


Although it’s likely the most common option for personal area networking, Bluetooth is not the only choice. Numerous options exist and are being developed to provide alternatives to Bluetooth. A few of the more significant choices are discussed here briefly, although because Bluetooth is aimed at providing wireless cable replacement, wired alternatives such as serial and USB are not considered.

  • Certified Wireless USB A short-range, high-bandwidth solution designed to allow interoperability with/replacement of standard (wired) USB (see A number of vendors have introduced or announced compatible products, and it is likely that the popularity of wired USB will carry over to Certified Wireless USB.

  • IrDA (Infrared Data Association) A specification for wireless communications via infrared transmission (see Many laptops, printers, and PDAs support IrDA, and external adapters are inexpensive. Additionally, data transmission rates for IrDA are higher than Bluetooth (up to 16Mbps). However, because infrared communications require line of sight between communicating systems, IrDA only lends itself to applications where endpoints are relatively immobile, which contradicts some of the flexibility and operational goals of a WPAN.

  • ZigBee Wireless networking technology based on the IEEE 802.15.4 standard (see ZigBee is marketed toward monitoring and sensory applications, versus the typical personal use cases with which Bluetooth is most often associated.

  • Kleer Kleer, a semiconductor company, has created an alternative to Bluetooth that also uses the Industrial Science and Medical (ISM) band (see Kleer’s technology is currently focused on audio (although video and other data is supported). Kleer technology has been sold under the RCA brand, and they have also forged a deal with Thomson to supply RF technology for Thomson’s wireless headsets.


    For more on the rivalry between Bluetooth and Kleer’s technology, see Richard Nass’s article “Bluetooth Competition Heats Up” (

  • 802.11 a/b/g/n Standard WLAN technology can be employed for some of Bluetooth’s standard uses, but 802.11 is typically used for infrastructure connectivity where clients need full network connectivity (typically TCP/IP). Additionally, cost, power consumption, and configuration complexity will tend to be much higher with 802.11 systems. It is expected that both 802.11 wireless networking and Bluetooth will continue to develop and thrive in their respective target markets without a great deal of functional crossover between the two technologies.

  • HiperLAN (1 and 2) A wireless networking standard managed by the European Telecommunications Standard Institute (ETSI). More similar in functionality to 802.11 wireless networking, HiperLAN technology has been around since the early 1990s, but its market penetration is nowhere near either Bluetooth or 802.11 WLAN.


    For more on the HiperLAN standard, see the ETSI website (

  • HomeRF An obsolete wireless networking specification that was intended to provide personal device connectivity. The working group that managed the specification was disbanded as 802.11 and Bluetooth became more widespread.

Although there are a number of alternatives, the market momentum of Bluetooth in conjunction with its well organized and supported SIG will make Bluetooth an ideal choice for WPAN connectivity for mobile application developers for the foreseeable future.


The most current Bluetooth version is v2.1 + EDR, which was published in July 2007. The next major release (likely to be v3.0, code-named “Seattle”) is designed to have much higher transmission speeds, faster connection speeds, and may include support for Ultra-Wideband (UWB) and WLAN technology. In addition, versions using even lower power levels are on the Bluetooth roadmap (see

  •  Windows Phone 7 Development : Push Notifications - Implementing Cloud Service to Track Push Notifications
  •  Windows Phone 7 Development : Push Notifications - Implementing Raw Notifications
  •  Windows Phone 7 Development : Push Notifications - Implementing Tile Notifications
  •  Windows Phone 7 Development : Push Notifications - Implementing Toast Notifications
  •  iPhone Application Development : Creating a Navigation-Based Application
  •  Windows Phone 7 Development : Push Notifications - Introducing the Push Notifications Architecture
  •  Windows Phone 7 Development : Push Notifications - Understanding Push Notifications
  •  Windows Phone 7 Development : Handling Multiple Concurrent Requests with Rx.NET
  •  WAP and Mobile HTML Security : Application Attacks on Mobile HTML Sites
  •  WAP and Mobile HTML Security : Authentication on WAP/Mobile HTML Sites & Encryption
  •  iPhone Application Development : Displaying and Navigating Data Using Table Views - Building a Simple Table View Application
  •  iPhone Application Development : Understanding Table Views and Navigation Controllers
  •  Windows Phone 7 Development : Revising WeatherRx to Manage Slow Data Connections
  •  Windows Phone 7 Development : Handling Data Connection Issues with Rx.NET
  •  Windows Phone 7 Development : Handling Errors in Rx.NET
  •  Windows Phone 7 Development : Using Rx.NET with Web Services to Asynchronously Retrieve Weather Data
  •  Windows Phone 7 Development : Media - Adding Sounds to an Application
  •  iPhone Application Development : Building a Multi-View Tab Bar Application (part 4) - Implementing the Summary View
  •  iPhone Application Development : Building a Multi-View Tab Bar Application (part 3) - Implementing the Volume View
  •  iPhone Application Development : Building a Multi-View Tab Bar Application (part 2) - Implementing the Area View
    Top 10
    Windows Phone 7 Development : Using Culture Settings with ToString to Display Dates, Times, and Text
    UK tech skills crisis
    Full-Text Indexing in SQL Server 2008
    Configuring Windows 7 on a Network
    Enterprise Patterns with WCF RIA Services
    The choices of mobile computing for SOHO users (part 2)
    Microsoft Surface
    Optimizing an Exchange Server 2010 Environment - Analyzing and Monitoring Core Elements
    Free VirtualBox Images (Part 2) - Create your own VirtualBox image
    Create, Read, and Write a Binary File
    Most View
    SQL Server 2005 : Report Definition and Design (part 2) - Report Designer
    SQL Server System and Database Administration : System Databases
    Personalizing Windows 7 (part 1) - Fine-Tuning Your Window Colors and Experience Level
    Active Directory Domain Services 2008 : Remove a User, Group, or Computer from the Password Replication Policy
    The Revolution Of Visual Resolution (Part 3) - Iiyama ProLite XB2374HDS-1, LG IPS235V, Philips E-line 237E3QPHSU
    Collaborating via Web-Based Communication Tools : Evaluating Instant Messaging Services
    ActiveX Installer Service in Windows Vista
    Using SQL Server 2005 Integration Services : Working with Integration Services Packages (part 1) - Control Flow
    Post-Boot Startup in Windows Vista
    Web porn ban: what does it mean?
    Create Stunning Zoom Burst Images (Part 1)
    Build Up Your Dream House with PC (Part 1)
    IIS 7.0 : Performance and Tuning - Configuring for Performance
    Windows Server 2008 : Domain Name System and IPv6 - Understanding DNS Zones
    E-mail Defenses in Windows Vista
    Introducing the Windows Phone Location Service and Mapping APIs
    Business Intelligence in SharePoint 2010 with Business Connectivity Services : Consuming External Content Types (part 2) - Writing to External Content Types
    Working with Assemblies : Overview of Security Changes in .NET 4.0
    Using SQL Server 2005 Integration Services : Programming Integration Services (part 4) - Connecting the Source and Destination Adapters with a Path
    Windows Server 2008 R2 monitoring and troubleshooting : Event Viewer - Configuring event-based tasks & Setting up event log forwarding