The pairing code is not for authentication but merely for identification: two devices show the same pairing code to let you know you are pairing the correct devices. Not all Bluetooth devices have a screen, so it's also possible to pair devices without the code.
In short, paired communications are encrypted and there's a key exchange, invisible to the user and not related to the pairing code. Actually there are four security levels and two modes, explained well by Mark Loveless:
- Security Level 1 supports communication without security at all, and applies to any Bluetooth communication, but think of it as applying to unpaired communications.
- Security Level 2 supports AES-CMAC encryption (aka AES-128 via RFC 4493, which is FIPS-compliant) during communications when the devices are unpaired.
- Security Level 3 supports encryption and requires pairing.
- Security Level 4 supports all the bells and whistles, and instead of AES-CMAC for encryption, ECDHE (aka Elliptic Curve Diffie-Hellman aka P-256, which is also FIPS-compliant) is used instead.
Therefore, what you suggest wouldn't happen by accident. But there have been security holes in Bluetooth pairing, too. (Also, it's a good prank to mix all wireless mice at the office, but that's on the physical layer.)