The latest iterations on the security front utilize ECDH for key exchange (LE secure connections) and seem fairly robust. The legacy pairing implementation is vulnerable to MITM during the very first bonding, except in the case where the devices use out-of-band data like NFC. Neither Android nor iOS opted to ever implement OOB, so that made security more difficult. It required us to tell our customers to reduce output power during bonding, so that the devices had to be close enough to avoid sniffing.<p>I felt that for the Low Energy part, the security concerns in this article were quite outdated. None of the listed attacks are applicable for LE.<p>Other than that, I think this gave a very good introduction to the protocol on all layers. I think the future for Bluetooth will be its ability to hook up lots of cheap sensors to a hub (with internet access, optionally) that can work for years without changing the battery. Unfortunately, the companies that already have a market share in e.g. audio are trying to stall future advances on the LE front. Others are trying to basically reimplement BR/EDR in LE, thinking it will still stay "low energy".
Why hasn't Bluetooth taken off more for wireless keyboards and mice? Bluetooth has been very common for a long time as a built-in on laptops, but good luck finding any of these peripherals that don't require a dedicated little USB receiver.<p>Is it a licensing/certification cost, or something more nebulous?
> Otherwise we'd all have to take a radio operator course before enabling the Wi-Fi or Bluetooth functions on our smartphones, or even to turn on our microwave ovens.<p>Not really. I've got a license for GMRS, but the "test" just consisted of sending the FCC sixty bucks.