Yo!
I'm very concerned by what I hear about Bluetooth Low Energy security. According to this guy, who presented a paper on the subject at a USENIX conference last year, the protection provided by the Just Works and Passkey Entry key exchange methods is extremely poor. They also describe ways to make devices which have already bonded renegotiate long-term keys - somewhat undermining the argument that once bonding has taken place data is secure.
That leaves Out-Of-Band, which, according to this thread, isn't supported by common centrals >_<
I guess my question is "How do I securely transfer data using Bluetooth Low Energy?" Do I need to completely give up on the 'protection' provided by BLE and implement something at the application layer? Also, who makes common centrals and how can I send them pleading letters begging for OOB support? (This last question is only semi-serious btw ;))
Thanks for your comments!