Avoid Wireless attacks through your Bluetooth Cell Phone

Avoid wireless attacks through your Bluetooth cell phoneBluetooth® wireless technology is included with many cell phones and PDAs. Initially designed to let you swap documents between other Bluetooth devices without the use of connecting cables, it has since expanded to provide services such as Web connectivity and online game playing.However, any time you transmit information online, you can be vulnerable to online attack; and as the popularity of Bluetooth increases, so does its interest to cybercriminals.

The Bluetooth process and vulnerability

When it’s set to “discoverable” mode, your Bluetooth cell phone or PDA sends a signal indicating that it’s available to “pair” with another Bluetooth gadget and transmit data back and forth.

However, an attacker who detects this signal could also attempt to pair with your device and hack in to steal your personal identification number (PIN). You could remain unaware, while the attacker, with your PIN in hand, could be:

Bluetooth discoverable mode

Stealing information stored on your device, including contact lists, e-mail, and text messages.
Sending unsolicited text messages or images to other Bluetooth-enabled gadgets.
Accessing your mobile phone commands, which allows the attacker to use your phone to make phone calls, sent text messages, read and write phonebook contacts, eavesdrop on conversations, and connect to the Internet.
Installing a virus on your device that could wreak the same kind of havoc that a virus could on your computer—for example, slowing or disabling your service, or destroying or stealing information.

Criminals have also been known to drive around with Bluetooth detectors, looking for cell phones and PDAs to infiltrate; and to outfit laptop computers with powerful antennas in order to pick up Bluetooth signals from as far as a half-mile away.

The latest forms of high-tech attack even include forcing Bluetooth devices to pair with the attacker’s device when they are not in the discoverable mode. (It’s also very labor-intensive, so targets tend to be individuals known to have a very large bank account or hold expensive secrets.)

Tips to improve your Bluetooth security

Keep your Bluetooth setting to “non-discoverable” (transmission-disabled) and only switch it to “discoverable” when you’re using it.Just leaving your cell phone or PDA in the discoverable mode keeps it dangerously open for Bluetooth transmission—a Bluetooth user within up to a 30-foot range can receive your signal and potentially use it to access your device as you walk around town, drive, or even walk through your office.
Use a strong PIN code. Codes of five digits or longer are harder to crack.
Avoid storing sensitive data such as your social security number, credit card numbers, and passwords on any wireless device.
Stay up-to-date on Bluetooth developments and security issues, and regularly check with the manufacturer of your device for news on software updates or any specific security vulnerabilities.

More Bluetooth tidbits

Q: Why is this technology called Bluetooth?
A: Just as Bluetooth wireless technology links two different gadgets together, the 10th century Danish king Harald “Blatand” united the separate kingdoms of Denmark and Norway. “Blatand” loosely translates to “Bluetooth” in English.

Q: What does it mean when someone gets “Bluejacked”?
A: “Bluejacking” is one of many terms of Bluetooth attack jargon:

Bluejacking: sending unsolicited text messages
Bluesnarfing: stealing information
Bluebugging: stealing mobile phone commands
War-nibbling: driving around looking for Bluetooth signals to attack
Bluesniping: using a laptop and powerful antenna to attack from a distance

The Bluetooth trademarks are owned by Bluetooth SIG, Inc.

Advertisements