Technology‎ > ‎

Dangers of Bluetooth hacking

posted 1 Nov 2010, 03:24 by Sam Mbale   [ updated 1 Nov 2010, 03:25 ]

One of the guys who works for the computer repair company in
one of the offices above Refresh suggested that perhaps I
should do an article on the mysterious world of Bluejacking
and BlueSnarfing.

The motive behind this suggestion was that whilst in a pub
last night someone tried to compromise his mobile phone
handset; we both agreed this was a danger Click readers
should be made aware of. Bluetooth is a fantastic technology
and one of its many applications allows modern day mobile
phone handsets to communicate wirelessly and exchange data
with each other. Although the technology currently has a
theoretical maximum range of up to 100m, it is worth noting
that when built into a mobile phone the two devices
realistically have to be in the same room to communicate
with one another.

There are many different ways this technology can be applied
in the real world; one of the most useful is for hands-free
headsets which will allow you to communicate with your
mobile phone without the need to connect the two physically
with cables. Bluetooth can also be used to send files such
as movies, MP3's and pictures to other people you know
quickly, easily and best of all, for free!

Unfortunately, with most technology there is often a
downside. In this instance, the problem with Bluetooth is
that unless you turn it off when you're not using it, then
your phone will be continuously broadcasting itself and this
can be a potential security vulnerability.

The term used to the sending of unwanted messages over
Bluetooth is 'Bluejacking'. As the person sending the
message is not able to control your device it is technically
harmless, however  it can be very confusing to the person
receiving anonymous messages. Another way this can be used
is for unsolicited advertising; I was offered a box several
weeks ago that when put in the shop window would
automatically send a message advertising my company to
everyone who drove past with a bluetooth enabled phone. I,
of course, declined, but imagine if every shop down a high
street had one of these boxes then we would be inundated
with adverts making our day-to-day life a lot more tiresome.

BlueSnarfing is in a different league to BlueJacking as it
is usually used for malicious purposes. By taking advantage
of vulnerabilities in susceptible handsets the BlueSnarfer
can potentially gain access to confidential data within the
phone such as the contact list, pictures, videos and text
messages. There have even been instances where the
BlueSnarfer can dial premium rate phone numbers without the
consent or knowledge of the handset owner.

Another vulnerability is that Bluetooth can be used to
transfer viruses. It does sound a bit strange that a phone
can be susceptible to viruses but it is the case that the
more advanced the phones operating system, the greater the
chances of this happening. Once infected the phone will then
transmit the virus onwards to every other handset within
range. This is normally achieved by a file transfer, which
makes them fairly easy to avoid. All you need to do is not
accept and suspicious looking files, much like you would do
with your e-mails.

I don't want to incite a knee-jerk reaction resulting in my
readership abandoning Bluetooth - It is a good technology,
is genuinely useful and the risks are relatively low. If you
do have a Bluetooth enabled handset there are a couple of
ways to minimise your risk and luckily these are extremely
easy to implement.

If you don't use Bluetooth then keep it switched turned off
or your status set as 'undiscoverable' as this will result
in no malicious users being able to locate your handset. If
you do require or simply would like to keep Bluetooth
enabled then make sure that if you are asked whether you
would like to receive a file you weren't expecting then
reject it. Simple!


About the Author:

Chris Holgate is a director and copyrighter of the online Ink
and Toner website Refresh Cartridges
http://www.refreshcartridges.co.uk He writes a weekly
article of all things tech related.
Comments