Abstract
Bluetooth security has become a growing concern for users and manufacturers of a wide variety of mobile devices and gadgets, because these devices increasingly rely on this wireless technology to exchange many kinds of data with one another. With this rise in popularity, threats to the privacy and security of Bluetooth communications have emerged. This paper focuses on Man-In-The-Middle (MITM) attacks, a persistent and dangerous form of intrusion that affects almost all wireless technologies, Bluetooth included. We describe the vulnerabilities that allow this type of attack within the Secure Simple Pairing (SSP) mode, which was originally designed to thwart MITM attacks, and we survey the solutions that have been proposed for these vulnerabilities. We then argue that these existing solutions cannot be applied in practice for a variety of reasons. These reasons are presented in detail, and the most common ones are matched against the previously mentioned solutions in order to identify one predominant factor among the solutions and among the reasons for their non-application. The last part of the paper describes two novel MITM attack scenarios against an improved version of SSP called ESSP, which further demonstrates the need for a complete shift of direction in thwarting Bluetooth intrusions and provides a starting point for further research on this technological challenge. We also devise two novel countermeasures for ESSP. Finally, we present some ideas for future research.