GCN Hot Topics:

Hacking Bluetooth

In this report

How in-building wireless works

In this report

10 steps to protecting your Bluetooth device

1. Always upgrade. Make sure the software and firmware on your Bluetooth devices, especially cell phones, are the latest versions.

2. Disappear. Place all Bluetooth-enabled devices in a nondiscoverable mode. You can make this setting through a software menu on your handheld.

3. Scramble your data. Encrypt everything stored on your device so that in the event of a hack, the information is protected.

4. Don’t jot things down. Avoid storing usernames, passwords or other sensitive information on a Bluetooth-enabled device.

5. Be smart. Avoid pairing with unknown devices.

6. Change your PIN. A personal identification number is normally needed for pairing. Make yours at least eight characters long and alphanumeric. Hackers have demonstrated ways of intercepting simple PINs.

7. Be discrete. In theory, device-to-device connections could be monitored by a third person. For maximum security, don’t pair in public or in a crowded area.

8. Sniff the air. To protect your agency, it’s important to monitor for suspicious Bluetooth behavior. A hardware/software system such as BlueWatch could help you keep track of Bluetooth activity.

9. Location, location, location. Bluetooth attackers need to be close—within 10 meters—so if you’re getting attacked, move to another area and note who’s following you.

10. Power down. For maximum security, turn off your Bluetooth features when not using them.

More on this topic

A menu of Bluetooth attacks

Fact: Having your name and number in Paris Hilton’s cell phone directory is like openly publishing them on the Web.

Fiction: The miscreants who posted the heiress’ contacts online last winter got them by hacking into her smart phone through a Bluetooth radio.

Is Bluetooth technology, the underutilized short-range wireless communications you might currently have in your cell phone, PDA or notebook PC, vulnerable to attack? In short, yes—but then again, everything is vulnerable to attack. Despite erroneous reports that Paris’ smart phone was leaking info like a sieve (turns out it didn’t even have a Bluetooth radio), the good news is that current Bluetooth wireless products are—for the most part—safe and secure under most conditions. After weeks of trying to break into Bluetooth devices, the GCN Lab knows. Here’s what we found out.

True blue

Bluetooth, like its equally scrutinized wireless cousin WiFi, uses radio frequencies to move data. But that’s where the similarities end. WiFi establishes a fixed connection between a node and a network that relies on an exchange of IP addresses. Bluetooth was developed to create a simpler, smaller connection between two peripherals. As such, Bluetooth connections bypass several network protocols and don’t require an exchange of IP addresses. This characteristic of Bluetooth alone makes it more secure than WiFi because the connection is ephemeral and independent of IP addresses.

Bluetooth is like a sonar connection between two peripherals. Data hops to and from devices during each periodic ping. WiFi, on the other hand, represents a constant stream of data between an access point and a wireless client. Such a steady stream could be intercepted by a third party.

Bluetooth exploits are well known [see sidebar], but as with other networking communications, as long as Bluetooth users keep their devices up-to-date with the latest technologies, including patches and fixes, and follow up with a good dose of common sense, they can be kept fairly secure.

« Previous12 3 4 5 Next »


GCN.com	Latest News	FCW.com

Government Computer News

GCN Hot Topics:

Hacking Bluetooth

In this report

How in-building wireless works

In this report

More on this topic

A menu of Bluetooth attacks