Wireless Security: The Trouble with Bluetooth
Although wireless security is a hot topic these days, you seldom hear any conversations about the vulnerabilities in Bluetooth technology. Perhaps the technology isn't touched on because of its short range, and the fact that it's primarily used with cellular communications. However, there are a few experts aware of the flaw in Bluetooth, believing that it is one the most inefficient technologies of modern times in regards to security.
Bluetooth was intended to be the basis of the PAN (personal area network) setting, providing a way for devices in close proximity to wirelessly communicate with each other. The range of these transmissions range from an estimated 1 to 100 meters, depending on the device's power. The most powerful class of Bluetooth devices have the ability to communicate at distances similar to a Wi-Fi network, which is typically more than 300 feet. Similar to a wireless computer network, Bluetooth is susceptible to a wide range of security threats.
Why Security Matters
While most people only use Bluetooth to connect a wireless headset or another device to a portable computer, this technology has many other uses as well. For instance, some people use Bluetooth to create temporary computer networks. This is commonly done in a corporate setting where staff members have a need to share files. When using Bluetooth to establish a network, computers interact directly with one another opposed to using a wireless access point. This means there is no centralized point of control, creating a major security concern as important data can be exposed to others using the Bluetooth network. Since the range for some classes of Bluetooth devices can be well over 300 feet, an outsider may be able to establish a link from your network even when not directly in the vicinity.
Bluetooth-enabled mobile phones are another concern. These devices often stored personal information such as calender information, home addresses, contact phone numbers and other sensitive data. Someone with a little knowledge on the technology can use it to hack into these phones and thieve that information, a practice more commonly termed as bluesnarfing.
Bluebugging is a similar Bluetooth hacking technique. It involves accessing a mobile phone's commands which allows an intruder to make calls, add, modify or delete contacts or eavesdrop on the victim's phone conversations. Bluetooth devices have also been targets of DoS attacks (denial-of-service) attacks. Similar to computer network exploits, this attack involves flooding a device with so may request it becomes inoperable as the battery quickly degrades.
Bluetooth technology has also been targeted by malware in the form of viruses and worms. One such infection is Cabir, a piece of malicious software that propagates to other Bluetooth-enabled devices using the Simbian OS. An attacker can use this type of exploit to erase phone numbers and contacts or completely seize control of someone else's phone.
Preventing Bluetooth Exploits
The relatively short range of these devices is a contributing factor to many of the security issues. These vulnerabilities are currently being addressed by several mobile phone manufacturers. Since this technology is so fragile and still relatively new, it is important that you frequently upgrade to the most recent Bluetooth-enabled devices and keep them updated with the latest software.