Bluetooth has powerful security features with the SAFER+ (Secure And Fast Encryption Routine) encryption engine using up to 128 bit keys (Bluetooth Connect Without Cables by Jennifer Bray and Charles F Sturman).
At the Link Level, it is possible to authenticate a device. This verifies that a pair of devices share a secret key derived from a Bluetooth passkey, also known as a Personal Identification Number (PIN). The Bluetooth passkey is entered either in a user interface or for devices such as headsets, which do not have a user interface, the manufacturer can build it in.
After authentication, devices can create shared link keys, which can be used to encrypt traffic on a link. The combination of authentication and creating link keys is calling pairing, possibly accompanied by exchange of higher-level security information, and is called bonding.
Authentication may be repeated after pairing, in which case the link key is used as the shared secret key.
Three modes of security can be implemented: Mode 1 is not secure, Mode 2 has security imposed at the request of applications and services, and Mode 3 has security imposed when any new connection is established.