Question : Bluetooth Encryption

Hi

We are running Exchange 2003, BES 4.1.7, and a range of devices.

At the moment, we allow Bluetooth, but I'm worried about the security of users pairing with another device and transferring data. We would like to enforce encryption of any data sent between Bluetooth devices. Does anyone know if Bluetooth data is already encrypted? Or is the passcode that is entered just to initially pair.

I also see there is a Blackberry BES IT Policy to "require encryption" for Bluetooth data...does anyone know what sort of encryption this is?

Answer : Bluetooth Encryption

The actual data being transferred is not encrypted, although the security pin is, which is up to a 16 digit alphanumeric pin. This is 8000000000000000000000000 different possible combinations, therefore a brute force attack is impossible. Once someone has the code or a paired device, they can access the data which is then not encrypted, that's what I mean by you can get extra encryption.

Here's some more info about bluetooth security.

Implementing Security
Developers that use Bluetooth wireless technology in their products have several options for implementing security. And there are three modes of security for Bluetooth access between two devices.

    * Security Mode 1: non-secure
    * Security Mode 2: service level enforced security
    * Security Mode 3: link level enforced security
Random Solutions  
 
programming4us programming4us