Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Tuesday, July 29, 2008

Bluetooth Security Presentation

As I mentioned yesterday I’ll be speaking at a conference about wireless security and along with WiFi or 802.11 wireless, the topic will cover Bluetooth technology which is widely used today in cell phones. I’m including an outline of my talk and welcome your comments, suggestions and stories.

One important thing to remember is your cell phone is a computer. It stores your personal data and can communicate easily with the world. Proper use includes keeping your data backed up regularly and keeping it secure. One of the common ways your cell phone or PDA communicates is using technology called Bluetooth. Just like your computer, you should know about the following.

  • Discovery Mode
    This is a special mode that allows you to sync or pair up two devices that provide Bluetooth communications. In discovery mode information about your cell phone is readily available to Bluetooth scanners. In most new phones, when you turn on Discovery mode it will only be available for a short time frame. While this sometimes makes it a pain to pair up devices it’s a great safety feature. Your phone should never remain in Discovery Mode.
  • Keep your Phone to yourself
    Don’t let others mess around with your phone. Every phone has a physical Bluetooth network address which can’t be changed. Someone checking out your phone can find this numeric address and use it to communicate with your phone even when it’s not in discovery mode. This unique number can not be changed and will look something like 11:1A:D9:EB:11:C7
  • Passwords
    Just like on your computer your password should not be 1234 or your birthday. It should not be your address, pets name or the same as your ATM pin.
  • Unsoliticated Connection Requests
    Don’t be shocked if you receive a request to connect for an update or what looks like a news story or free ringtone. It’s very possible this could be an illegitimate attempt at a pairing. If you do get an unsolicited request reply No. If it appears to come from your phone company, you can always call them directly to confirm.
  • Update your firmware
    Again, just like on your computer, you should regularly connect to your phone vendor and see if any “firmware” updates are available. It’s possible that some kind of security hole was found in your phone’s software and a firmware update could be needed to repair it.

  • Encryption
    When syncing up your address book or or other data with your computer check to see if encryption is available. This may require you to remember another password but it’s a good idea. While Bluetooth data is designed to only be available in short distances there are antenna’s out there which increase the ability to read Bluetooth data.

Labels: , , ,

Share on Facebook


Post a Comment

<< Home