Computerworld - The Bluetooth Special Interest Group (SIG) is dismissing security fears about the technology (see story), saying any flaws in it are limited to a small number of mobile phones—although it has detailed measures that concerned users can take to secure a wide range of Bluetooth devices.
Bluetooth is primarily a short-range wireless technology that operates in the same 2.4-GHz frequency band as wireless LANs. It's used as cordless replacement to connect a wide range of devices, such as mobile phones, to each other in a process known as "pairing" and can also serve as the link between a phone or handheld computer and Bluetooth wireless printers.
Mike McCamon, marketing director of the Bluetooth SIG in Overland Park, Kan., said during a news briefing yesterday that Bluetooth device shipments have now hit 1 million per week and that any security problems with the wireless technology security problems are limited to a handful of phones manufactured by Nokia Corp. and Sony Ericsson Mobile Communications AB.
Those phones, which include Sony Ericsson's R520m and T68i phones and Nokia's 6310, 6310i, 8910 and 8910i phones, are susceptible to a hacking technique known as "bluesnarfing," according to Nick Hunn, a Bluetooth security expert and sales managing director at TDK Systems Europe Ltd. in London. Flaws in these phones can allow hackers to access data such as information stored in address books or calendars, he said.
Both Nokia and London-based Sony Ericsson are developing patches for the older phones, while newer models won't be vulnerable to a bluesnarfing attack, Hunn said. Espoo, Finland-based Nokia said in a statement (download PDF) that it views any security threat from bluesnarfing as minimal and that the technique can be easily prevented by setting Bluetooth on the phones to a "hidden" mode. That makes intrusion more difficult, "since the hacker will have to know or guess the Bluetooth address before establishing a connection," said Nokia.
Sony Ericsson couldn't be reached for comment.
Hunn and McCamon agreed with Nokia's recommendations, saying users should turn off a feature that allows one Bluetooth-equipped device to easily detect or "discover" another. "Always make sure your devices are not discoverable," McCamon said. Every Bluetooth device has a name, which users can change, and he suggested that each user choose one that doesn't readily identify his device.
Hunn said concerned Bluetooth users should keep in mind that the easiest way to obtain data from a mobile phone isn't through illicit Bluetooth access, but from phones that have been lost. He said police in the U.K. have received reports of 430,000 lost mobile phones in 2002, a potentially larger security problem than bluesnarfing.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
