Threat Category: Network Threats: Bluetooth
ID: LPN-11
Threat Description: Brute-force decryption of Bluetooth 4.0 or older communication due to the weak BR/EDR encryption algorithm.
Threat Origin
Guide to Bluetooth Security (SP 800-121) [1]
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
To resist brute-force decryption attacks, use the maximum PIN length and encryption key sizes available on configurable Bluetooth devices.
Restrict the use of older Bluetooth devices with a static or 4-digit PIN to very low-risk use cases.
To prevent unauthorized disclosure or modification of data transmitted over a compromised Bluetooth session, use Bluetooth applications that apply strong over-the-top encryption to data before it is transmitted over the Bluetooth interface.
Enterprise
Restrict the use of older Bluetooth devices with a static or 4-digit PIN to very low-risk use cases.
To prevent unauthorized disclosure or modification of data transmitted over a compromised Bluetooth session, use Bluetooth applications that apply strong over-the-top encryption to data before it is transmitted over the Bluetooth interface.
References
[1] J. Padgette, K. Scarfone and L. Chen, Guide to Bluetooth Security, SP 800-121 rev. 1, National Institute of Standards and Technology, 2012; http://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdf [accessed 8/24/2016]