|
Bluetooth: Is it really secure?
Bluetooth: What it is and how it works.
Although you may not have used Bluetooth, I am sure you have seen it before. Perhaps your significant other may even be confused about that cute little icon in the top corner of their cell phone. Whether or not this is true, it's more than likely that you see someone using Bluetooth; perhaps on a daily basis. Yes, it includes those snazzy headsets you see people blabbing into as if they are talking to themselves. It might be a feature on a new printer you are buying, heck, it might even be a feature in a car you own or want to buy. Bluetooth is everywhere, but what exactly is it?
 |
 |
Simply speaking, Bluetooth is a way of short-range wireless communication; it was designed to make use of Personal Area Network or PAN. PAN is a way for multiples of devices within close range to wirelessly communicate with one another. It operates over the 2.4Ghz radio frequency bandwidth, much like wireless 802.11b and g. Its typical gross data rate can only reach around 1Mb/s; however, with EDR (Enhanced Data Rate) it can reach as far as 3Mb/s. The range of Bluetooth can be anywhere from 1 meter - 100 meters, all depending on the class of Bluetooth used, but most work up to about 30 feet.
Bluetooth: Security risks.
So, is Bluetooth really secure? There will be security risks in any wireless product used, so no, it's not 100% secure. "Bluejacking," "bluesnarfing," and "bluebugging" are some of the typical terms used for attacks made on Bluetooth devices. Bluejacking essentially is the phone equivalent to e-mail spam; the user will receive a message or picture at random. Usually this type of attack is harmless. Bluesnarfing, however, is more dangerous. This form of attack gains personal information on the victim's Bluetooth device without their consent or knowledge. Bluebugging is the most invasive attack because the attacker gains complete and total control of the device.
Brute forcing is becoming a common mode of attack on Bluetooth enabled devices. The person brute forcing to get the PIN of course needs to be within range of the victim's device.This attack works by generating a list of keys or passwords from an electronic library and using each one until it comes across the correct password. Brute forcing can typically take days or even longer, but a four digit PIN can easily be cracked within a minute by an "average" computer.
With the prices of smart-phones dropping in today's market, the use of a phone as a modem has become increasingly popular. However, a Bluetooth attack, done through a smart-phone, can allow the attacker to use the victim's phone as a modem. While not even having a smart-phone, an attacker can gain access to a user's e-mail, text messages, contact lists, and other personal information within the phone or other device. If that's not bad enough, an attacker can also eavesdrop on private conversations held on Bluetooth hands-free devices.
Bluetooth: What you can do to protect yourself.
Here are a few tips on keeping yourself secure.
- When not in use, keep Bluetooth device offline.
- Keep status at invisible.
- Don't accept suspicious messages.
- Use a password whenever possible.
- If possible, encrypt precious data.
Don't let this article scare you into tossing all your wireless devices in the garbage. While all wireless devices have their flaws, this should not deter you from using them. As with any device with wireless capabilities, there are precautions and steps to take to alleviate the possibility of your Bluetooth device becoming compromised.