Threat Category: Network Threats: Bluetooth
Threat Description: Bluetooth devices that pair using PIN/Legacy pairing (Bluetooth 2.0 and earlier) or low energy Legacy Pairing are vulnerable to eavesdropping. If an attacker can capture all pairing frames, the secret keys can be determined given enough time, facilitating device tracking, impersonation, and the decryption of data transmitted between devices for which secret keys are known.
Guide to Bluetooth Security (NIST SP 800-121 rev. 2) [1]
To prevent this attack, observe physical security when pairing devices, such as pairing in a secure location where an attacker outside it has only a remote chance of intercepting Bluetooth messages.
Mobile Device User
Avoid the use of Bluetooth 2.0 or earlier devices, or those that only support Legacy Pairing.
[1] J. Padgette et al., Guide to Bluetooth Security, Draft SP 800-121 rev. 2, National Institute of Standards and Technology, 2016; http://csrc.nist.gov/publications/drafts/800-121/sp800_121_r2_draft.pdf [accessed 12/07/2016]