Bluetooth
Bluetooth is a highly versatile wireless communication technology that is widely used for connecting devices over short distances. However, its capabilities differ significantly between versions, so it is important to pay close attention to the details to ensure proper security and functionality, such as audio quality.
Version history
- Bluetooth 4.0 (2010)
  - Bluetooth Low Energy (Bluetooth LE, aka. BLE), which is an independent protocol from classic Bluetooth.
- Bluetooth 4.2 (2014)
  - LE Secure Connections (LESC), which improves the security significantly and fixes the broken BLE key exchange protocol in Bluetooth 4.0 and 4.1.
- Bluetooth 5.0 (2016)
  - Higher transmission speed (2 Mbps), longer range and lower battery consumption for BLE
- Bluetooth 5.1 (2019)
  - Angle of Arrival (AoA) and Angle of Departure (AoD), which provide knowledge on the direction of nearby devices.
- Bluetooth 5.2 (2019)
  - LE Audio, including the LC3 codec
Security
- Bluetooth versions prior to 4.2 are fundamentally broken.
  - Bluetooth 4.0 and 4.1 key exchange is broken, allowing an attacker to decrypt the traffic, sometimes in less than a second.
  - Bluetooth 4.2 introduces LE Secure Connections (LESC), which fixes this and improves the security significantly.
    - LESC has four security levels
      - Level 1: no encryption
      - Level 2: AES-CMAC (aka. AES-128, RFC 4493, FIPS-compliant), no pairing required
      - Level 3: encryption, with pairing required
      - Level 4: ECDHE authentication with the P-256 curve
        - P-256 is one of the NIST curves and notoriously difficult to implement. Therefore, I won’t be surprised if and when vulnerabilities are found in the implementations.
    - LESC also has four security modes
      - Mode 1: no signing
      - Mode 2: signing for both paired and unpaired connections
      - Mixed security mode: support for both mode 1 and 2
- When purchasing Bluetooth keyboards or other devices that transmit sensitive information, ensure that they support at least Bluetooth 4.2, preferably Bluetooth 5.0 or above.
- Most devices prior to 2018 are vulnerable to the KNOB attack.
- Bluetooth 4.2 - 5.4 (and likely above) are vulnerable to the BLUFFS MITM attack (CVE-2023-24023).
- Please see the accessories section of the purchase guide for further information on the security of Bluetooth accessories.
- SweynTooth
- BlueBorne
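The version thresholds above can be checked against the adapters on a Linux host. The following Python is an added example, not part of the original page: it parses `hciconfig -a` output (the embedded sample is constructed and abridged) and maps each adapter's LMP version code to a core specification version. The function names and verdict labels are assumptions made for this example.

```python
import re

# LMP version codes (Bluetooth assigned numbers) -> core specification version.
LMP_TO_CORE = {6: (4, 0), 7: (4, 1), 8: (4, 2), 9: (5, 0), 10: (5, 1),
               11: (5, 2), 12: (5, 3), 13: (5, 4), 14: (6, 0)}
ADAPTER_RE = re.compile(r"^(hci\d+):", re.MULTILINE)
LMP_RE = re.compile(r"LMP Version:.*?\(0x([0-9a-fA-F]+)\)")

# Constructed, abridged sample in the layout printed by `hciconfig -a`.
SAMPLE = """\
hci0:\tType: Primary  Bus: USB
\tUP RUNNING
\tLMP Version: 4.0 (0x6)  Subversion: 0x220e
hci1:\tType: Primary  Bus: USB
\tUP RUNNING
\tLMP Version: 5.1 (0xa)  Subversion: 0x100
hci2:\tType: Primary  Bus: USB
\tDOWN
"""

def parse_adapters(text):
    """Return {adapter: LMP code, or None if no version line} per adapter."""
    starts = [(m.group(1), m.start()) for m in ADAPTER_RE.finditer(text)]
    found = {}
    for i, (name, pos) in enumerate(starts):
        end = starts[i + 1][1] if i + 1 < len(starts) else len(text)
        m = LMP_RE.search(text, pos, end)  # search this adapter's block only
        found[name] = int(m.group(1), 16) if m else None
    return found

def assess(lmp_code):
    """Apply the page's version guidance to one LMP version code."""
    core = LMP_TO_CORE.get(lmp_code)
    if core is None:  # adapter down, or a code newer than the table
        return "unknown", ["no usable version reported; check manually"]
    notes = []
    if core < (4, 2):
        verdict = "replace"
        notes.append("pre-4.2: no LE Secure Connections, BLE key exchange broken")
    elif core < (5, 0):
        verdict = "acceptable"
        notes.append("meets the 4.2 minimum; 5.0 or above preferred")
    else:
        verdict = "ok"
    if (4, 2) <= core <= (5, 4):
        notes.append("in the range the page lists for BLUFFS (CVE-2023-24023)")
    return verdict, notes

def audit(text):
    return {name: assess(code) for name, code in parse_adapters(text).items()}
```

On a live system, pass the captured output of `hciconfig -a` to `audit()`; an adapter that is down prints no version lines and is reported as `unknown`.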
Audio
- Bluetooth audio codecs are a mess
  - Comparison of various codecs
  - AAC
    - Proprietary
    - AAC over Bluetooth is unstable on Android
  - aptX
    - Proprietary
    - There are several variations with varying quality. In general, they are not much better than SBC.
  - CVSD
    - With microphone support. Horrible quality. Use mSBC instead.
  - LC3
    - Successor of SBC for Bluetooth 5.2 and Android 13 ->. Use this if you can.
  - LDAC
    - The encoder is open source, but the decoder is proprietary. Supported by Android 8 -> and PipeWire (Ubuntu).
    - Much better than SBC and AAC. Use this if you can.
  - LHDC
    - Supported by Android 10 ->
  - LLAC
    - Low latency version of LHDC, aka. LHDC LL
  - mSBC
    - SBC with microphone support. Horrible quality, but much better than CVSD.
  - SBC
    - Basic codec. Support is mandatory for all stereo Bluetooth audio devices.
  - SBC-XQ
    - SBC with a higher bitrate, resulting in quality comparable to aptX HD. Supported by LineageOS 15 -> and PipeWire (Ubuntu 22.10 ->)
- Standard Bluetooth does not support stereo audio output and mic input at the same time. If you enable the microphone, the audio will be mono and of horrible quality. This is a fundamental limitation of the Bluetooth protocol.
Adapters
The documentation of the Home Assistant Bluetooth integration has a list of known good adapters. However, many of those are for old Bluetooth versions, and therefore I recommend finding one with at least Bluetooth 5.0, preferably 6.0 or later.
I’m currently using this Bluetooth 6.0 adapter for my home automation. (The “official” Windows drivers are available from this link, which points to this Dropbox folder)
Trackers
Finding lost and stolen items with Bluetooth trackers is based on the idea that a phone that is part of the tracker network will pass by. To enable this, the tracker should be part of a large network. At the moment, the largest tracker networks are Apple’s Find My network and Google’s Find My Device network. Therefore, the tracker should be compatible with at least one of these networks, preferably both. One such tracker is Chipolo POP.
Directional tracking is possible with trackers that support Ultra-wideband (UWB) communication. This requires a UWB radio in the phone. UWB is supported in Android 13 and later, and in iPhone 11 and later. However, as of 2025, Android devices with UWB support are still quite rare. Wikipedia has a list of supported devices.