Published February 2005

Bluetooth users need
to fill in security cavities

By Lionel Contreras
Guest Columnist

With the introduction of Bluetooth wireless technology, the nice, easy, user-friendly information usage from one device to another spread pretty quickly. Now enter the bad guys.

There are several things going on with Bluetooth that a lot of users are not aware of; one is called “bluesnarfing.” This is when someone scanning the 2.4-Ghz range picks up open Bluetooth devices, downloads information and deletes or changes things, though often, they just do the downloading.

So your phone lists and stored information such as passwords and pin numbers are in the hands of a stranger, a stranger who may be using the information to do a little identity theft scam.

Or that information could fall into the hands of someone who thinks that when you call the office, it would be funny if you connected to a 1-900 dial-a-porn number. It’s up to them, because you left your device wide open for them to do what they want. They have your information, and, if they want, they can change your info or clean it out and leave you high and dry.

Now, the entry-level bluesnarfer is limited to about 20 feet to tag someone’s device, but a diehard snarfer can pull something off called “Bluetooth sniping.” This is done with about $200 worth of off-the-shelf parts, making a Bluetooth sniper device that can work up to 1,000 yards away. You can bet these guys will use every bit of information they get, probably for identity theft or other dastardly deeds.

Hidden mode doesn’t offer protection with those who have a sniffer that detects Bluetooth devices in hidden mode, and truly, the best defense against bluesnarfing is simple: Turn off your Bluetooth connections when you are not using it.

Bluesnarfing usually takes place while the device is sitting in your pocket, briefcase or purse. If you turn off the Bluetooth connections, there is no way for someone to hack into your device or phone.

The second problem of which Bluetooth users may not be aware is called “bluebugging.” This is when someone gets into your Bluetooth phone and hijacks it.

Prime example: Someone who knows you are business competition, wants to hear what you and Target B are working on, and so bluebugs your phone. Now, when you’re talking with Target B, the “bluebugger” tells your phone to dial his, and without your knowledge, you are on a three-way conference call, and he’s taking detailed notes on everything you and Target B are saying.

Also, while you are talking on the phone, the bluebugger can hang up your calls, or, while your phone is sitting in your pocket, he can be making long-distance calls — which will show up on your bill.

To combat bluebugging, take caution. If someone says he admires your phone and just wants to take a look at it for a second, don’t let him touch it! This is a method of getting a trusted connection (bluebugging). The would-be bluebugger just hits a couple numbers, and then your phone does everything he wants it to do.

Lionel Contreras is an information systems technician with The Herald.

Back to the top/February 2005 Main Menu