Security threats raise concerns about Bluetooth
Some IT managers take steps to limit wireless use; vendors claim risks aren't widespread
Computerworld - Potential security risks posed by the Bluetooth wireless technology are prompting some IT managers to rein in use of Bluetooth-equipped mobile phones and PCs on their networks.
Bluetooth vendors are scheduled to hold a press briefing today at which they will discuss the security issues and provide guidance on how users can guard their devices against hackers. But several IT managers last week said they now see a need to protect their networks from Bluetooth attacks by taking the same steps they took to secure their corporate wireless LANs.
For example, Michael Ciarochi, a network security manager at HomeBanc Corp. in Atlanta, said he discovered last week that Bluetooth radios were included in laptop PCs that were being configured by an IT engineer for delivery to the mortgage lender's mobile workers. The radios, which operate in the same 2.4-GHz band as 802.11b WLANs, were turned on as a factory default setting.
Ciarochi said he was concerned about the possibility of opening a wireless back door into data stored on the PCs and had the Bluetooth radios turned off before the systems went into use. He added that he expects to have to secure Bluetooth by "locking it down" on devices, the same approach he took with HomeBanc's WLANs.
Emmett Hawkins, chief technology officer at Leapfrog Services Inc., said he's so concerned about Bluetooth security risks that he plans to use a tool called Bluewatch from AirDefense Inc. to scan every device on his network and employees' mobile phones for the presence of the wireless technology. Hawkins will then decide which devices should be allowed to run Bluetooth and access the network at Leapfrog, an Atlanta-based vendor of managed network services.
Cracks in Bluetooth's security capabilities first came to light in February, when researchers in the U.K. said they had developed a tool that could exploit a flaw in some phones to connect to other devices without going through the normal pairing process. Once the connection was established, the tool could download data such as address books and personal calendars .
The Bluetooth Special Interest Group (SIG), a trade association based in Overland Park, Kan., today plans to address the technology's vulnerability to the "bluesnarfing" attacks and another hacking technique called "bluejacking."
The group said in a statement that Bluetooth users need to "understand the realities of the situation [and] know how to protect themselves." Patches are available for the phones that are at risk of being attacked, said a spokesman for the Bluetooth SIG. He added that the group also plans to detail initiatives it has
- Securing the enterprise workspace: protect your organization while supporting mobility and BYOD Read this white paper to learn ways to bolster security across enterprise networks while giving employees simple, authorized remote access to corporate applications...
- Transforming enterprise applications for mobile environments Read this white paper for tips on how to prepare critical applications to be securely accessed from an array of company-owned and personal...
- Future-proof your mobility strategy with Dell Enterprise Mobility Management Read this paper to discover best practices to future-proof your mobile strategy in the evolving world of devices, operating systems, work habits and...
- Enabling devices and device management for your mobility/BYOD program Read this white paper to learn how to support employees with the best devices to increase flexibility, productivity and job satisfaction.
- Don't Believe the Hype: Not All Containers are Created Equal Hear executives discuss the 3 C's of Secure Mobility-content, credentials, and configurations-and learn the inherent security risks to your organization of using MDM...
- Navigating the New Wireless Landscape Thriving in the new wireless landscape View Now>> All Mobile/Wireless White Papers | Webcasts