Security threats raise concerns about Bluetooth
Some IT managers take steps to limit wireless use; vendors claim risks aren't widespread
Computerworld - Potential security risks posed by the Bluetooth wireless technology are prompting some IT managers to rein in use of Bluetooth-equipped mobile phones and PCs on their networks.
Bluetooth vendors are scheduled to hold a press briefing today at which they will discuss the security issues and provide guidance on how users can guard their devices against hackers. But several IT managers last week said they now see a need to protect their networks from Bluetooth attacks by taking the same steps they took to secure their corporate wireless LANs.
For example, Michael Ciarochi, a network security manager at HomeBanc Corp. in Atlanta, said he discovered last week that Bluetooth radios were included in laptop PCs that were being configured by an IT engineer for delivery to the mortgage lender's mobile workers. The radios, which operate in the same 2.4-GHz band as 802.11b WLANs, were turned on as a factory default setting.
Ciarochi said he was concerned about the possibility of opening a wireless back door into data stored on the PCs and had the Bluetooth radios turned off before the systems went into use. He added that he expects to have to secure Bluetooth by "locking it down" on devices, the same approach he took with HomeBanc's WLANs.
Emmett Hawkins, chief technology officer at Leapfrog Services Inc., said he's so concerned about Bluetooth security risks that he plans to use a tool called Bluewatch from AirDefense Inc. to scan every device on his network and employees' mobile phones for the presence of the wireless technology. Hawkins will then decide which devices should be allowed to run Bluetooth and access the network at Leapfrog, an Atlanta-based vendor of managed network services.
Cracks in Bluetooth's security capabilities first came to light in February, when researchers in the U.K. said they had developed a tool that could exploit a flaw in some phones to connect to other devices without going through the normal pairing process. Once the connection was established, the tool could download data such as address books and personal calendars .
The Bluetooth Special Interest Group (SIG), a trade association based in Overland Park, Kan., today plans to address the technology's vulnerability to the "bluesnarfing" attacks and another hacking technique called "bluejacking."
The group said in a statement that Bluetooth users need to "understand the realities of the situation [and] know how to protect themselves." Patches are available for the phones that are at risk of being attacked, said a spokesman for the Bluetooth SIG. He added that the group also plans to detail initiatives it has
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Keeping UP with Mobile Trendsetters Global survey tracks achievements and challenges of mobile initiatives along with best practices for success.
- Assessing ROI for Mobile Acceleration Clients This EMA® paper examines the business case for deploying mobile WAN optimization client software and builds a ROI model based on the experiences...
- The Apple-ization of the Enterprise: Understanding IT's New World Read this paper for how to tackle Apple-ization (and the related consumerization of IT and Bring Your Own Device/BYOD).
- A Practical Introduction to Enterprise Mobility Management Read the white paper to better understand the basic concepts within mobility management and to learn how you can apply EMM technology to...
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Mobile Security: Containerizing Enterprise Data In this on-demand webinar, Fixmo's Lee Cocking, VP of corporate strategy, explains why Apple-ization trends like mobility and "bring-your-own-device" (BYOD) are driving the... All Mobile/Wireless White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!