Editing Bluetooth (section)

==Security==
The security protocols in Bluetooth are widely considered to be relatively weak.
This is a reason for input devices using Bluetooth being banned in many security-conscious environments.

Some Bluetooth host implementations (Apple MacOS and iOS, and Linux including Android) even have a flaw allowing pairing with a keyboard without any user interaction, thus allowing an attacker to send key strokes without getting noticed. The vulnerability was supposedly fixed in Linux in 2020 but the fix was left disabled by default in most distributions.<ref name="mousejack++">Skysafe on Github—[https://github.com/skysafe/reblog/tree/main/cve-2023-45866 Hi, My Name Is Keyboard]: CVE-2023-45866: Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS. Disclosed 2023-12-06. Retrieved 2023-12-16</ref>

===Pairing===
The use of PIN codes (or QR codes) is considered insecure in classic Bluetooth below v2.1 and in BLE below v4.2. If the attacker could eavesdrop during the pairing process, the PIN number could be cracked too easily and used to produce traffic encryption keys. Even if pairing has been in a secure location, some devices can be manipulated to restart the pairing process. <ref
name="pomcor">Pomcor—[https://pomcor.com/2015/06/03/has-bluetooth-become-secure/ Has Bluetooth Become Secure?] by Francisco Corella. Dated 2015-06-03.
Retrieved 2020-04-10</ref>

It is also important that the PIN number be generated randomly each time. If a PIN (or QR code) is printed in the manual or on the back of the device, it is likely the same on every device of that type, and an attacker does not even need to crack it.

The most secure way is to always use a ''numeric comparison'' (both devices display a number that must match) or an ''Out-of-Band'' (OOB) transfer of an initial encryption key over another protocol such as [[USB]] or NFC.

There is a standard protocol for OOB pairing of both BR/EDR and BLE over NFC<ref name="btssp12">NFC Forum—[https://nfc-forum.org/wp-content/uploads/2019/06/NFCForum-AD-BTSSP-1.2.pdf Bluetooth® Secure Simple Pairing Using NFC] (PDF). Version 1.2. 2019-05-31. Retrieved 2020-04-10</ref>, which is wireless but has super-low range: in practice direct contact. NFC is common on cell phones, less so on tablets but almost nonexistent on PCs. Current Apple iOS and Android from version 7 support NFC pairing but not other types of OOB pairing.

[[USB]] is used for out-of-band pairing of [[Apple Magic Keyboard]] with [[macOS]], and controllers with various games consoles but the protocols are proprietary.

[[Microsoft Windows]] allows BLE peripherals from the same manufacturer as the host to be ''pre-paired''. The keys are stored in the host's UEFI BIOS and the peripheral's firmware. This scheme relies however also on a protocol over BLE that is Microsoft-specific.

===Traffic===
Traffic encryption of classic Bluetooth below version 4.1 is considered to be using a weak encryption algorithm.
BLE and newer classic Bluetooth use AES-CCM for traffic encryption, which is considered secure <ref name="pomcor"/>

Many devices are vulnerable to the "KNOB" attack which exploits a weakness in the Bluetooth standard itself: the devices could be coerced when connecting (after already pairing) to use a traffic encryption key length of only one byte — which is very easy to crack. However, for the attack to work, both the host and the peripheral need to be vulnerable. All major operating systems should have received updates. <ref name="ars190817">Ars Technica—[https://arstechnica.com/information-technology/2019/08/new-attack-exploiting-serious-bluetooth-weakness-can-intercept-sensitive-data/ New Attack exploiting serious Bluetooth weakness can intercept sensitive data]. By Dan Goodin. Published 2019-08-17. Retrieved 2019-08-18.</ref>