6.6 Bluetooth Security

In Chapter 5, you saw that wireless security is a big concern, and that Wi-Fi's WEP security system leaves much to be desired. If you're wondering about Bluetooth, it's not any more secure than Wi-Fi. There are authentication and encryption settings that you can enable in the Bluetooth panel of System Preferences, as shown in Figure 6-31.

Figure 6-31. Enable Bluetooth security in the Bluetooth panel of System Preferences

The authentication setting will require the two devices attempting to connect to go through a process that checks that the PIN code is the same on both devices, after which a 128-bit link key is generated. The devices test the link key in a series of challenges, and if the authentication is successful, the devices make the connection. If the challenge fails, the Bluetooth device must wait for a while before it can attempt authentication again. This is a security measure designed to foil hackers who might be bombarding the device with a series of authentication requests.

The encryption setting will protect data transmitted between the two Bluetooth devices. The level of encryption is negotiated between the master and slave devices, and can use an encryption key of between 8 and 128 bits. Turning on encryption will make data transfers between devices somewhat slower.

As in any evaluation of security with a networking method, you have to decide how important the data being protected is, assess the likelihood that the data flowing between your devices will be intercepted, and make a judgment of how best to manage the potential risk. Because most Bluetooth networking occurs within 30-foot radius, it is easier for you to get a handle on the possible threat?you can often just look around.

You'll need to decide what you stand to lose if the data flowing between your computer and your cell phone or PDA is compromised. In our case, that data is mainly contact and scheduling information, which may be private, but since it's not secret we choose to keep encryption turned off.