Is Bluetooth File Exchange Completely Secure? [clo

2019-06-18 04:16发布

问题:

What are some possible attacks that I could face when I transfer a file via bluetooth? Also, are files transferred between Android phones via bluetooth encrypted?

回答1:

2 common attacks are - Passive eavesdropping and man-in-the middle attack If you are using the Bluetooth 2.1 and above and both devices are 2.1+ then passive eavesdropping is extremely difficult and unlikely even with sophisticated hardware. For older devices which used the PIN, the selection of PIN and length of PIN key is important, a large 16 character alpha-numeric pin can be used to make it more difficult to passively eavesdrop and listen in.

Man in the middle is a sophisticated attack where a device is in the middle and acting like the device you want to connect to , but instead relaying data. With Bluetooth and normal usage scenarios it is difficult because it requires the attacker to be in close vicinity and spoof address etc. With Bluetooth 2.1 and above there are few models of pairing , and except for the just-works model where devices pair itself without any user interventions , the other models (user confirmation, pass-code entry etc) all provide security to the man in the middle attack also,

So to summarize currently Bluetooth 2.1 is one of the most secure successful wireless technologies.

To answer the second part of the Question, - The answer is Yes, Bluetooth 2.1+ mandates authentication followed by encryption on all profile communications.