Section 67. About Bluetooth Security



BEFORE YOU BEGIN

63 About Bluetooth


SEE ALSO

64 Turn Bluetooth On and Off

65 Pair Up with a Bluetooth Headset or Car Kit

66 Tweak Bluetooth Options


There have been some concerns in the mobile community about Bluetooth security as more and more devices ship with support for Bluetooth. The concerns primarily have to do with the fact that Bluetooth is capable of opening up a notebook PC, handheld, or mobile phone to wireless attacks. Part of the problem is that some users don't realize that, by enabling Bluetooth on their devices, they might be opening a gateway for unwanted communications, much like accessing the Internet without a firewall. Another part of the problem concerns a few faulty Bluetooth implementations that expose several models of mobile phones to attack.

In reality, Bluetooth is a sophisticated technology that addresses security very seriously. Bluetooth connections require acceptance by the user and are capable of using 128-bit encryption in conjunction with other security protocols. The real concern with Bluetooth security isn't so much the technology itself as it is the manner in which people use it. As an example, the front door of your house doesn't pose a security risk unless you leave it unlocked. The door offers security by virtue of the lock, but you must take some responsibility in shutting and securing the lock after you pass through the door. Similarly, Bluetooth requires some responsibility on the part of the user if it is to offer maximum security.

To better understand your responsibility in keeping your BlackBerry device secure from Bluetooth attackers, it's important to understand the types of attacks that can be launched against a Bluetooth device. The simplest and least dangerous form of Bluetooth attack is known as Bluejacking, which is really more of an annoyance than a true security attack. In Bluejacking, another Bluetooth user sends an unsolicited message (usually as an electronic business card) through a Bluetooth connection to your device. You certainly have the option of rejecting the message, but just the fact that you are prompted by it, unsolicited, is a hassle. To send you a Bluejack message, of course, the other person has to be within 10 meters (32 feet) of your device, but this can be easily accomplished with anonymity in a crowded area.

KEY TERM

Bluejacking: A minor Bluetooth security attack in which another user sends you an unsolicited message using a Bluetooth connection. The term doesn't refer to hijacking, but instead originated with a person named Jack who anonymously sent the Bluetooth message "Buy Ericsson" to a Nokia phone user while waiting in line at a bank.


It's important to understand that Bluejacking doesn't put your device at risk in any way. Both parties in a Bluejack communication are in complete control of their devices, and the Bluejacker has no way of extracting any information from your device. That's why I refer to Bluejacking as more of an annoyance than a true security attack. Even so, some people are shocked to receive an unsolicited message or, in the case of some phones, an image or a sound. They wrongly assume that someone has attacked their phone or given them a virus. Quite the contrary; some people have turned Bluejacking into a more positive experience by using it as a way to meet new people. To learn more about Bluejacking and view the official Bluejack Code of Ethics, visit http://www.bluejackq.com/.

A much more serious Bluetooth security attack is known as Bluesnarfing, which involves another Bluetooth user gaining access to your device data and literally stealing information from your device. The at-risk data can include your contact list, text messages, memos, and anything else stored on your BlackBerry device.

Although Bluesnarfing has certainly taken place in the past, it relied on a hole in the Bluetooth implementations on certain specific mobile phones, and not on a weakness with Bluetooth itself. In other words, the Bluetooth technology is secure enough to prevent Bluesnarfing, assuming that device manufacturers implement Bluetooth properly on their devices. Fortunately, there are no reported security problems with the Bluetooth implementation on BlackBerry 7100 series devices.

KEY TERM

Bluesnarfing: A very serious Bluetooth security attack in which another user gains access to the data on your device using a Bluetooth connection.


Another topic closely related to Bluetooth security is Bluetooth sniping, which involves using specially modified equipment to send and receive Bluetooth signals over a long range, currently up to 1 mile. When combined with Bluesnarfing, Bluetooth sniping presents an extremely dangerous opportunity for hackers to breach Bluetooth devices from a long distance. So far, Bluetooth sniping has been used primarily as a way of simply exploring the limits of the Bluetooth technology. It does open up the prospect of attackers operating from afar, assuming that they've figured out a way to access your device.

KEY TERM

Bluetooth sniping: The process of using specially modified equipment to send and receive Bluetooth signals over a much longer range than intended. Currently, the longest successful Bluetooth snipe is about 1 mile.


Now that you understand what is at risk with Bluetooth from a technological level, it's important to explain your side of the security equation. As with many technologies, it turns out that the Bluetooth technology is surprisingly secure and the real weak link is us humans. Bluetooth is obviously a communication technology that allows you to connect devices wirelessly. The key to keeping your BlackBerry device secure is ensuring that only devices you want connected to it are indeed connected to it. This involves some vigilance on your part to ensure that you don't inadvertently allow someone else to connect to your device. How can this happen?

Let's start with the biggest Bluetooth issue of them all: making your device discoverable. Your BlackBerry device can be set as discoverable or invisible, with the former option allowing any other Bluetooth device to see your device. Although seeing is different from connecting, by making your device discoverable you significantly increase the chances of someone attempting a security attack against you. It's just too easy to fish for devices in a crowded area and take a stab at breaching one of them. As I've already said, Bluetooth is pretty solid in terms of its security, but remaining invisible is significantly safer than being discoverable, at least if you're a Bluetooth device. And keeping your device invisible is the best defense against Bluejacking.

On the other hand, the discoverable feature is built in to Bluetooth devices for a reason. For example, your car's hands-free Bluetooth system might require your BlackBerry device to be discoverable to connect, or at least connect more quickly. In this example, it might be advantageous to keep your device discoverable when driving to aid in connecting to your car's hands-free system. You might find that there is a reasonable tradeoff in terms of keeping your device discoverable some of the time and then setting it to invisible when you're in crowded areas where an anonymous attacker might be more apt to strike.

Another area in which many BlackBerry devices are potentially at risk is pairing. When you pair your device with another device, each device is added to the other's device list and given the capability of connecting to the other. In most cases, this arrangement is fine because you want to initiate a connection with a device. But if someone can secretly pair her device with yours, she could feasibly connect to your device without your knowledge. For this reason, most Bluetooth device users have to be careful about allowing other people to borrow their devices.

Because BlackBerry 7100 series devices have support for only a few, limited device profiles (headset and hands-free), this risk is all but eliminated. It's unlikely that someone would figure out a way to use a headset or hands-free car kit to violate the security of your device. Even so, for good measure, I recommend initially pairing your device with your headset or hands-free car kit in a private area (a safe distance away from other potential Bluetooth users) and then being very careful about allowing others to tinker with your device.

To summarize, here are a few tips to help maximize Bluetooth security with your BlackBerry device:

  • Only make your device discoverable when absolutely necessary.

  • Only pair up with new devices in private, out of range of other potential Bluetooth users.

  • Don't allow anyone else to tinker with your BlackBerry device.

  • Don't respond to unsolicited messages you receive.

If you follow these guidelines, you should be able to safely enjoy the benefits of Bluetooth with minimal worries about your device's security.



BlackBerry in a Snap
ISBN: 0672326701
EAN: 2147483647
Year: 2005
Pages: 149
