Dangers Of Bluetooth Hacking
One of the guys who works for the computer repair company in one of the offices above Refresh suggested that perhaps I should do an article on the mysterious world of Bluejacking and BlueSnarfing.
The motive behind this suggestion was that whilst in a pub last night someone tried to compromise his mobile phone handset; we both agreed this was a danger Click readers should be made aware of. Bluetooth is a fantastic technology and one of its many applications allows modern day mobile phone handsets to communicate wirelessly and exchange data with each other. Although the technology currently has a theoretical maximum range of up to 100m, it is worth noting that when built into a mobile phone the two devices realistically have to be in the same room to communicate with one another.
There are many different ways this technology can be applied in the real world; one of the most useful is for hands-free headsets which will allow you to communicate with your mobile phone without the need to connect the two physically with cables. Bluetooth can also be used to send files such as movies, MP3’s and pictures to other people you know quickly, easily and best of all, for free!
Unfortunately, with most technology there is often a downside. In this instance, the problem with Bluetooth is that unless you turn it off when you’re not using it, then your phone will be continuously broadcasting itself and this can be a potential security vulnerability.
BlueJacking is a term used to refer to the sending of unsolicited messages over Bluetooth. The person sending the messages doesn’t have any control over your phone so it is technically harmless, however it can be quite confusing for the person on the receiving end when they receive anonymous messages. BlueJacking can also be used for unsolicited advertising; I was offered a box several weeks ago that when put in my window would send a message advertising my company to everyone who drove past with a bluetooth enabled phone. Of course, I declined but if such advertising technology catches on then using our phones on a day to day basis could become a lot more tiresome.
BlueSnarfing works in a different way to Bluejacking and is generally used maliciously. It takes advantage of the vulnerabilities in order to gain access to confidential data such as the contact list, pictures, and text messages. They can also dial premium rate numbers without the owners knowledge with of course can rack up large phone bills.
Another potential vulnerability of Bluetooth is that is can be used as a medium to transfer viruses. It is a rather strange state of the world when we have phones capable of contracting viruses but trust me, it does happen. Such viruses only tend to affect the handsets that have relatively advanced operating systems. Once infected these handsets then start propagating the virus by sending it out to every Bluetooth handset within range. These viruses are fairly easy to avoid because the handset does ask the user if they want to accept a file via Bluetooth before permission is given for the transfer to take place; typically only those uneducated in Bluetooth etiquette would accept such a file.
I don’t want to incite a knee-jerk reaction resulting in my readership abandoning Bluetooth ‘ It is a good technology, is genuinely useful and the risks are relatively low. If you do have a Bluetooth enabled handset there are a couple of ways to minimise your risk and luckily these are extremely easy to implement.
If you don’t use Bluetooth then keep it switched turned off or your status set as ‘undiscoverable’ as this will result in no malicious users being able to locate your handset. If you do require or simply would like to keep Bluetooth enabled then make sure that if you are asked whether you would like to receive a file you weren’t expecting then reject it. Simple!