Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Bluetooth secure vs. insecure

I have been playing around with the bluetooth options on android, and found an app that gave two connection options (secure and insecure). I tried to find some information about it on the internet, but everything I found was pretty vague. I have a general idea that Insecure isn't as safe as using Secure.

What are the advantages of using one over the other? Should I always stick to Secure or should I go for insecure?

Thank you for your time,

like image 361
Marshall Avatar asked May 15 '13 14:05

Marshall


1 Answers

What are the advantages of using one over the other? Should I always stick to Secure or should I go for insecure?

The only advantage in using insecure, is that you don't prompt the user when creating a communication channel (this one would be an easy prey "Man in the middle" attacks), but that doesn't mean that it will always work. Here's a question where the user complains about some devices asks for pairing while others don't.

Also this phrase comes from android API:

For Bluetooth 2.1 devices, the link key will be encrypted, as encryption is mandatory. For legacy devices (pre Bluetooth 2.1 devices) the link key will be not be encrypted. Use createRfcommSocketToServiceRecord(UUID) if an encrypted and authenticated communication channel is desired. link

So, possibly in the future there would be no way to create an Insecure connection between two devices.

This answer your second question, you should stick with the Secure. When developing ('cause you can't know for sure if it's going to work) and for security reasons when using an app.

like image 116
Rigotti Avatar answered Oct 02 '22 16:10

Rigotti