Protect Your Mobile from Bluetooth Attacks

Tue Sep 25, 2007 6:10AM EDT

See Comments (2)

I don't think about Bluetooth that much, but all of that will change next year when the State of California puts into effect a new driving law that requires drivers to use hands-free devices in their cars. Those who haven't needed one before will most certainly want one now, so this would be a good time to become familiar with vulnerabilities and risks associated with Bluetooth devices.

According to research firm Insight Express, 73 percent of mobile device users are not aware of the security risks associated with Bluetooth-equipped devices. Ooi Szu-Khiam, senior security consultant at Symantec Singapore, told ZDNET in an email that in the past year, numerous mobile viruses, worms and Trojan horses have emerged, and their evolution is cause for concern. These potential risks are commonly known as bluejacking, bluesnarfing, and bluebugging to techies and security experts, and they're all bad news for your phone. You can read more about these threats in detail over at ZDNET, but here's a quick rundown of what they are in a nutshell:

  • Bluejacking is a technique used to send unsolicited text messages to mobile users via Bluetooth.
  • Bluesnarfing is the unauthorized access of information on your phone through a Bluetooth connection. This attack allows hackers to copy data off your phone, including contact lists, emails, text messages, and even private videos or photos.
  • Bluebugging is the most serious threat of all. A hacker has the ability to initiate phone calls, send and receive text messages, read and write phonebook contacts, eavesdrop on phone conversations, and connect to the Internet.

What you can do

Ooi suggests users install security software on their mobile devices that include antivirus, firewall, anti-SMS spam, and data-encryption technologies. He also recommends users take the following precautions:

  • Stay offline: Turn off features that you are not using. If you have a Bluetooth-equipped device and do not need the function, then don't turn it on.
  • Stay invisible: If you are using the Bluetooth function and don't require your device ID to be visible to others, make sure the device's visibility setting is set to "hidden" so malicious hackers will not be able to scan and search for it.
  • Verify incoming transmission: Do not accept and run attachments from unknown sources unless you are expecting them. For example, if you receive a message to install an application and you don't know its origin, don't run it.
  • Use passwords: Ideally, use passwords with a large number of digits. A four-digit PIN or password can be broken in less than a second, and a six-digit PIN in about 10 seconds, while a 10-digit PIN is likely to take weeks to crack.

I'm sure you've heard it all before, but a refresher never hurt anyone. You might want to pass this along to someone who may not be up to speed on Bluetooth security, and as always, feel free to offer any other suggestions in the comments below.

Users need refresher on Bluetooth security [ZDNet Australia]

Related:
What's Bluetooth?
Brushing Up on Bluetooth
Viruses on Your Mobile Phone

 

Comments on Protect Your Mobile from Bluetooth Attacks

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 1 Posted by rogueist on Tue Sep 25, 2007 11:32AM EDT Report Abuse

    The chances of any of these things happening to your Bluetooth cellphone is ZERO. Most of this is FUD based on proof of concept things done by people overseas. And because of this people think that its actually done in practice. But the general list of things to do to reduce your chances of having this happen is 100% correct. Bluejacking requires the Bluetooth device to be in discovery mode - so keep it hidden. Bluesnarfing can only be done if they know your Bluetooth ID and have made a connection to you previously and you have accepted their connection. Bluetumbling requires you to have previously PAIRED with the other device and removed it from your list. Some 3% of phones manufactured BEFORE 2004 are affected by this (they still transmit even when they are supposed to have discovery mode turned off). Less than 1% of current phones are affected by this (bugs in code and other vulnerabilities).

  • 2 Posted by ccacioppo1@verizon.net on Tue Sep 25, 2007 3:01PM EDT Report Abuse

    Nice points were made by this article. (Thanks, Gina!) Most folks are not aware of this type of potential 'open door' in a Bluetooth enabled device. The 'raise the level of awareness' factor alone makes this article -- a good read. Its funny how my Bluetooth head set was able to connect to my co-workers' Bluetooth enabled phone from 10 feet away and I called 'his home' via voice command. His phone was set to automatically accept the device pairing etc. We did this in fun and it dispels any notion that there are "NO" issues with security and Bluetooth. Enough said, Thanks for the points made!

More Posts: First Prev 1 Next Last

Post a Comment

Sign In to Post a Comment

 

Sign In to see your profile information, saved products and more...

Register Sign In

My Favorite Gadgets

 



Quick Compare See All Favorite Gadgets
 

Recent Activity

 

Recently Viewed

on | off on | off
 

Recent Searches

on | off on | off
 
 
 

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.