I have heard that Bluetooth is not very secure, but do not understand exactly how/tech stuff in general. My understanding from reading this (p. 39-40) is that beyond the obvious (don't accept shit you didn't request, leave Bluetooth off when not actively paired or pairing with something, don't buy Bluetooth shit that uses older versions) I should mainly be worried about:
- devices pairing with Just Works/that use a fixed PIN for modes that use a user-entered PIN, which I would assume is pretty much anything that doesn't have display/input capabilities and just pairs through discovery mode or whatever?
- devices that don't securely store the link key (it doesn't change from connection-to-connection and is generated/stored when first pairing things, right?)
- hostile devices spoofing previously paired ones, but they would still need the link key to do so, and even in that case, would still need to enter an identical PIN to the one I enter if using secure pairing mode(?)
Is there anything else I should keep in mind? I'm also curious if there's a way to like, sandbox Bluetooth devices such that they can only send/receive data to/from specific apps, and would like some recommendations for wireless earbuds/headphones that are known to be secure.
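The first two worries in the list above (a Just Works pairing, and what link key got stored) can actually be checked after the fact on a Linux host, because the key type BlueZ records tells you whether the pairing was MITM-protected. The script below is an added example, not part of the original post; it assumes BlueZ's on-disk pairing store layout (`/var/lib/bluetooth/<adapter>/<device>/info`, an INI-style file with a `[LinkKey]` section for BR/EDR carrying the HCI link-key `Type`, and a `[LongTermKey]` section for LE carrying `Authenticated` and `EncSize`). The three sample `info` files are constructed for the demo with dummy keys and fictitious addresses; to run it against a real system, point `scan_store` at `/var/lib/bluetooth` as root.

```python
"""Which paired Bluetooth devices were paired without MITM protection?

Added example. Parses BlueZ-style pairing records (assumed layout:
/var/lib/bluetooth/<adapter>/<device>/info). Sample records are constructed.
"""
import tempfile
from configparser import ConfigParser
from pathlib import Path

# HCI link-key types (Link Key Notification event). Only 5 and 8 prove the
# pairing used numeric comparison or passkey entry; 4 and 7 are what Just Works
# produces; 0-2 are pre-SSP legacy PIN pairing; 3 is the debug key.
LINK_KEY_TYPES = {
    0: "combination key (legacy PIN pairing)",
    1: "local unit key (legacy)",
    2: "remote unit key (legacy)",
    3: "debug combination key",
    4: "unauthenticated combination key, P-192 (Just Works)",
    5: "authenticated combination key, P-192",
    6: "changed combination key",
    7: "unauthenticated combination key, P-256 (Just Works)",
    8: "authenticated combination key, P-256",
}
AUTHENTICATED_LINK_KEYS, JUST_WORKS_LINK_KEYS, LEGACY_LINK_KEYS = {5, 8}, {4, 7}, {0, 1, 2}
LE_KEY_SECTIONS = ("LongTermKey", "PeripheralLongTermKey", "SlaveLongTermKey")


def _load(info_text: str) -> ConfigParser:
    cp = ConfigParser(interpolation=None)
    cp.optionxform = str  # BlueZ option names are case-sensitive (Key, Type, ...)
    cp.read_string(info_text)
    return cp


def _flag(cp: ConfigParser, section: str, option: str) -> bool:
    # BlueZ writes 0/1; accept true/false too in case the format varies.
    return cp.get(section, option, fallback="0").strip().lower() not in ("0", "false", "")


def assess_pairing(info_text: str) -> dict:
    """Return name, authenticated (True/False/None if no keys), findings, keys."""
    cp = _load(info_text)
    result = {"name": cp.get("General", "Name", fallback="?"),
              "authenticated": None, "findings": [], "keys": []}

    def note(auth: bool, finding: str = "") -> None:
        prev = result["authenticated"]  # device is OK only if every key is authenticated
        result["authenticated"] = auth if prev is None else (prev and auth)
        if finding:
            result["findings"].append(finding)

    if cp.has_section("LinkKey"):
        ktype = cp.getint("LinkKey", "Type", fallback=-1)
        pin_len = cp.getint("LinkKey", "PINLength", fallback=0)
        result["keys"].append("BR/EDR: " + LINK_KEY_TYPES.get(ktype, f"unknown type {ktype}"))
        if ktype in AUTHENTICATED_LINK_KEYS:
            note(True)
        elif ktype in JUST_WORKS_LINK_KEYS:
            note(False, "BR/EDR key came from Just Works: no MITM protection")
        elif ktype in LEGACY_LINK_KEYS:
            note(False, f"legacy PIN pairing (PIN length {pin_len}); a short or fixed PIN is guessable")
        elif ktype == 3:
            note(False, "debug link key: pairing used the public debug key pair")
        else:
            note(False, f"unrecognised link key type {ktype}")

    for section in LE_KEY_SECTIONS:
        if not cp.has_section(section):
            continue
        auth = _flag(cp, section, "Authenticated")
        enc_size = cp.getint(section, "EncSize", fallback=16)
        result["keys"].append(f"LE {section}: authenticated={auth}, {enc_size}-byte key")
        note(auth, "" if auth else f"LE key ({section}) came from Just Works: no MITM protection")
        if enc_size < 16:  # LE key size is negotiated; a short key means weak encryption
            note(False, f"LE encryption key is only {enc_size} bytes ({enc_size * 8}-bit strength)")
    return result


def scan_store(root: Path) -> list:
    """Assess every <adapter>/<device>/info file under root (sorted by path)."""
    out = []
    for info in sorted(root.glob("*/*/info")):
        r = assess_pairing(info.read_text())
        r["adapter"], r["device"] = info.parent.parent.name, info.parent.name
        out.append(r)
    return out


# Constructed sample records: dummy keys, fictitious addresses.
SAMPLES = {
    "AA:BB:CC:DD:EE:01": "[General]\nName=Example Earbuds\nSupportedTechnologies=BR/EDR;\n\n"
                         "[LinkKey]\nKey=00112233445566778899AABBCCDDEEFF\nType=4\nPINLength=0\n",
    "AA:BB:CC:DD:EE:02": "[General]\nName=Example Keyboard\nSupportedTechnologies=BR/EDR;LE;\n\n"
                         "[LinkKey]\nKey=FFEEDDCCBBAA99887766554433221100\nType=8\nPINLength=0\n\n"
                         "[LongTermKey]\nKey=0F1E2D3C4B5A69788796A5B4C3D2E1F0\nAuthenticated=1\n"
                         "EncSize=16\nEDiv=1234\nRand=1234567890\n",
    "AA:BB:CC:DD:EE:03": "[General]\nName=Example Tracker\nSupportedTechnologies=LE;\n\n"
                         "[LongTermKey]\nKey=DEADBEEFDEADBEEFDEADBEEFDEADBEEF\nAuthenticated=0\n"
                         "EncSize=7\nEDiv=0\nRand=0\n",
}


def demo_store() -> list:
    """Write the samples into a temp dir laid out like the BlueZ store, then scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for addr, text in SAMPLES.items():
            d = Path(tmp) / "00:11:22:33:44:55" / addr
            d.mkdir(parents=True)
            (d / "info").write_text(text)
        return scan_store(Path(tmp))


if __name__ == "__main__":
    for r in demo_store():  # replace with scan_store(Path("/var/lib/bluetooth")) as root
        verdict = {True: "OK   ", False: "WEAK ", None: "NOKEY"}[r["authenticated"]]
        print(f"{verdict} {r['device']} {r['name']!r}: " + "; ".join(r["keys"]))
        for f in r["findings"]:
            print("       -", f)
```

A device that shows up as WEAK here was paired with Just Works (or legacy PIN), so a spoofed device only has to be in range at pairing time rather than beat a passkey check; the fix is to re-pair with a device that supports numeric comparison or passkey entry, or accept that its traffic is only protected against passive eavesdropping.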