Bluetooth device hijacking

Recently one of the people working at the computer repair company in the sme building as Refresh Paignton suggested that I do an article of a new phenomenon called Bluejacking or Bluesnarfing. The motive behind this suggestion was that whilst in a pub last night someone tried to compromise his mobile phone handset; we both agreed this was a danger Click readers should be made aware of.

The motive behind this suggestion was that whilst in a pub last night someone tried to compromise his mobile phone handset; we both agreed this was a danger Click readers should be made aware of. Bluetooth is a fantastic technology and one of its many applications allows modern day mobile phone handsets to communicate wirelessly and exchange data with each other. Although the technology currently has a theoretical maximum range of up to 100m, it is worth noting that when built into a mobile phone the two devices realistically have to be in the same room to communicate with one another.

There are many different ways this technology can be applied in the real world; one of the most useful is for hands-free headsets which will allow you to communicate with your mobile phone without the need to connect the two physically with cables. Bluetooth can also be used to send files such as movies, MP3's and pictures to other people you know quickly, easily and best of all, for free!

Unfortunately, with most technology there is often a downside. In this instance, the problem with Bluetooth is that unless you turn it off when you're not using it, then your phone will be continuously broadcasting itself and this can be a potential security vulnerability.

BlueJacking is a term used to refer to the sending of unsolicited messages over Bluetooth. The person sending the messages doesn't have any control over your phone so it is technically harmless, however it can be quite confusing for the person on the receiving end when they receive anonymous messages. BlueJacking can also be used for unsolicited advertising; I was offered a box several weeks ago that when put in my window would send a message advertising my company to everyone who drove past with a bluetooth enabled phone. Of course, I declined but if such advertising technology catches on then using our phones on a day to day basis could become a lot more tiresome.

BlueSnarfing is in a different league to BlueJacking as it is usually used for malicious purposes. By taking advantage of vulnerabilities in susceptible handsets the BlueSnarfer can potentially gain access to confidential data within the phone such as the contact list, pictures, videos and text messages. There have even been instances where the BlueSnarfer can dial premium rate phone numbers without the consent or knowledge of the handset owner.

Another potential vulnerability of Bluetooth is that is can be used as a medium to transfer viruses. It is a rather strange state of the world when we have phones capable of contracting viruses but trust me, it does happen. Such viruses only tend to affect the handsets that have relatively advanced operating systems. Once infected these handsets then start propagating the virus by sending it out to every Bluetooth handset within range. These viruses are fairly easy to avoid because the handset does ask the user if they want to accept a file via Bluetooth before permission is given for the transfer to take place; typically only those uneducated in Bluetooth etiquette would accept such a file.

I don't want to incite a knee-jerk reaction resulting in my readership abandoning Bluetooth - It is a good technology, is genuinely useful and the risks are relatively low. If you do have a Bluetooth enabled handset there are a couple of ways to minimise your risk and luckily these are extremely easy to implement.

If you don't use Bluetooth then keep it switched turned off or your status set as 'undiscoverable' as this will result in no malicious users being able to locate your handset. If you do require or simply would like to keep Bluetooth enabled then make sure that if you are asked whether you would like to receive a file you weren't expecting then reject it. Simple!


------

Chris Holgate writes a weekly article of all things tech related. He is a director and copyrighter of the online computer consumables business Refresh Cartridges who sell cheap ink cartridges, toner cartridges, computer hardware and other computer consumables online. An archive of his work can be found at www.computerarticles.co.uk.Report this articleThis article is copyright
Source: http://www.articlealley.com/article_1851364_45.html

View the Original article