Unlike Bluetooth and 802.11, Infrared requires an unobstructed line of sight in order for two devices to communicate with each other. It also has a much smaller operating range, compared to the other two. For these reasons, Infrared does not provide any security mechanism at the link level; instead, applications must implement their own security measures at a higher protocol level.

To better understand the security risk of Infrared, let’s look at some characteristics of it. An infrared connection operates at a range of 0 to 1 meter, with peak intensity within a 30 degree cone (see Figure 7-26). With more power, a longer operating range is possible with a reduction in transfer speed. In addition, an infrared connection requires a visual line of sight (LOS) in order to work. In other words, there must be no direct obstruction between the two communicating devices.

Figure 7-26. The 30 degree cone for peak power intensity of an infrared port

Considering that infrared communications operate at such a short range, it is quite difficult for an attacker to eavesdrop without being noticed (or completely breaking the connection).