The Critical 'I'

Read. React. Repeat.

Saturday, August 07, 2004

BLUETOOTHACHE
Bluetooth is getting to be the latest techno-craze among mobile devices, especially the latest and greatest phones. But before you run out and buy that shiny new model, consider how much of a security nightmare Bluetooth-enabling can cause:
[Salzburg Research's Martin] Herfurt demonstrated three different ways to attack a phone: He could send unsolicited text messages to the phone's screen, download all the data stored on a phone (or manipulate the data on the phone itself), and turn the phone into a roaming bug by forcing a targeted phone to call another phone.

This last attack, which the pair call "BlueBugging," is potentially the most damaging because once the attacker initiates a call on the victim's phone, there's no need to stay within Bluetooth range, typically about 30 feet. The target need only be in a phone service area to be exploited.

This kind of attack could also be used to commit fraud, according to Laurie. For example, an attacker could force victims' phones to dial a phone service that bills the victim per call or per minute.

Increasingly, "phones are being used as portable data stores" for information such as passwords, PIN numbers, and other sensitive data, [AL Digital's Adam] Laurie added--another danger if a phone can be hacked.
Basically, an open door is an open door, to anyone. You'd think these tech companies would build this stuff with failsafe security measures. Maybe that's just impossible, or maybe it'll take a couple of decades to factor in the hacker safeguards. I often get the feeling the big companies justify their lack of security features by dismissing hacker attacks as isolated and rare instances. This was true even ten years ago, when such practitioners were a small grouping, really a limited underground. But with the Internet as a ridiculously easy communications and exchange medium, that's no longer the case--the ability to share information on how to pull off large-scale scams is almost effortless. Put it all together, and it seems like it'll be more years than anyone wants to admit before people live a casually digital lifestyle.

The other downside to this Bluetooth phone vulnerability is that it could curtail the bluejacking. Not to mention the trysting fun of toothing.