Bluetooth has been around for quite a while. Security researchers repeatedly take a stab at its security. Tommi Mäkilä & Jukka Taimisto of Codenomicon presented ways to sensibly test Bluetooth stacks. Their presentation was held at the DeepSec 2011 security conference:
"Bluetooth robustness is wretched, no surprise there. Bluetooth test results from plugfests show an 80% failure rate: eight out of ten tests end with a crash. It is not pretty, it is sad and frustrating. For a moment, a few years back, there seemed to be light at the end of the tunnel: the failures were moving up the Bluetooth stack, and for example L2CAP robustness showed some improvement. Only for a moment though, as recent tests again show a steady decline in results.
In this session, we will discuss Bluetooth vulnerabilities and the problems they may cause. We will share our test results from plugfests and car kit tests, including a few demos of actual test cases. That will basically demonstrate how easily everything crashes: we were unable to complete a single test run successfully. Sooner or later, usually sooner, every piece of equipment failed.
Of course, presenting one failed test case after another is not very interesting in the long run. That is why the second part of the presentation consists of a discussion of fuzzing techniques and of creating intelligent fuzzers for Bluetooth systems. We will discuss attack vectors, different approaches and opportunities, and speculate on the possibility of breaking the pairing requirement. We will also discuss how and why building intelligent fuzzers is basically a waste of time, since all the test targets will fail even with the less intelligent test suites."