That isn't my point though!
It's that you can't send any data bigger than a handshake request
- "Here's my contact and key, please accept it!"
Without the user entering that key - it's short, but it's on the other guy's device so is relatively secure.
Unless people start telling their device "Accept everyone!" or a manufacturer decides to allow a device to do that by default larger unaccepted transmissions will remain impossible.
Now you've forced me to think further though:
More importantly I am ignoring the possibility (nay, likelihood) that BT firmware security holes (eg. unchecked buffers) exist, that would allow someone who wrote their own BT handshake code to do all manner of interesting things.
Hopefully the proliferation of these devices by many different manufacturers will stop it being a problem, but I get the feeling that won't happen, especially as there are only about five manufacturers of BT chipsets, and Nokia are to mobiles what MS are to operating systems.
Little bit more stable though! |
