Mobile Threat Catalogue

Secure Simple Pairing Attacks


Threat Category: Network Threats: Bluetooth

ID: LPN-15

Threat Description: An attacker may be able to force or entice a Bluetooth device to participate in Just Works SSP, which is susceptible to MiTM attacks.

Threat Origin

Guide to Bluetooth Security: Draft NIST SP 800-121rev2 1

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures

Mobile Device User

To reduce opportunity for this attack, disable Bluetooth when that feature is not in use.


Use EMM/MDM solutions in combination with devices that successfully enforce a policy inhibit Just Works functionality or disable Bluetooth entirely, as appropriate.


  1. J. Padgette et. al, Guide to Bluetooth Security, Draft SP 800-121 rev. 2, National Institute of Standards and Technology, 2016; [accessed 12/07/2016]