by Bob Brewin

Bluetooth group downplays security risks

May 11, 2004

The Bluetooth Special Interest Group (SIG) is dismissing security fears about the technology, saying any flaws in it are limited to a small number of mobile phones — although it has detailed measures that concerned users can take to secure a wide range of Bluetooth devices.

Bluetooth is primarily a short-range wireless technology that operates in the same 2.4-GHz frequency band as wireless LANs. It’s used as a cordless replacement to connect a wide range of devices, such as mobile phones, to each other in a process known as “pairing,” and can also serve as the link between a phone or handheld computer and Bluetooth wireless printers.

Mike McCamon, marketing director of the Bluetooth SIG in Overland Park, Kan., said during a news briefing Monday that Bluetooth device shipments have now hit 1 million per week and that any security problems with the wireless technology are limited to a handful of phones manufactured by Nokia and Sony Ericsson.

Those phones, which include Sony Ericsson’s R520m and T68i phones and Nokia’s 6310, 6310i, 8910 and 8910i phones, are susceptible to a hacking technique known as “bluesnarfing,” according to Nick Hunn, a Bluetooth security expert and sales managing director at TDK Systems Europe in London. Flaws in these phones can allow hackers to access data such as information stored in address books or calendars, he said.

Both Nokia and London-based Sony Ericsson are developing patches for the older phones, while newer models won’t be vulnerable to a bluesnarfing attack, Hunn said. Nokia said in a statement that it views any security threat from bluesnarfing as minimal and that the technique can be easily prevented by setting Bluetooth on the phones to a “hidden” mode. That makes intrusion more difficult, “since the hacker will have to know or guess the Bluetooth address before establishing a connection,” said Nokia.

Sony Ericsson couldn’t be reached for comment. Hunn and McCamon agreed with Nokia’s recommendations, saying users should turn off a feature that allows one Bluetooth-equipped device to easily detect or “discover” another. “Always make sure your devices are not discoverable,” McCamon said. Every Bluetooth device has a name, which users can change, and he suggested that each user choose one that doesn’t readily identify his device. Hunn said concerned Bluetooth users should keep in mind that the easiest way to obtain data from a mobile phone isn’t through illicit Bluetooth access, but from phones that have been lost. He said police in the U.K. have received reports of 430,000 lost mobile phones in 2002, a potentially larger security problem than bluesnarfing.

While McCamon emphasized that any security concerns with Bluetooth are largely restricted to phones, wireless security vendors said the proliferation of the technology means that other devices–and even enterprise systems–could be susceptible to detection, sniffing and even hacking. For example, Bank of America is testing a Bluetooth-based wireless customer identification system that the chairman of AirDefense Inc., an Alpharetta, Ga.-based wireless security company, accidentally discovered while waiting in line at a local bank branch last week.

With concerns about security in mind, Ken Pasley, director of wireless business development at FedEx, said he has taken extra steps to “lock down” Bluetooth wireless in 40,000 PowerPad mobile computers his company plans to start distributing to its couriers next month.

Pasley said FedEx has developed proprietary technology to defeat unwanted pairing and ensure that the PowerPad wirelessly mates only with an assigned printer. Pasley said FedEx uses a bar-code key on the PowerPad and its assigned printer to limit pairing, which helps reduce the risk of a bluesnarfing attack. The PowerPad uses cellular General Packet Radio Service technology for wide-area connectivity.

Besides beefing up security, this technique also prevents interference problems when “50 or 100 couriers in a small room” synchronize their PowerPads and printers at the start of each workday, Pasley said.

Joseph Dell, CTO at Vigilar, an information security services firm in Atlanta, said users should view all Bluetooth devices as inherently insecure, since the majority are shipped with security turned off. He also believes that any Bluetooth device could serve as a back door into enterprise information systems.

Dell recommended that companies secure all their Bluetooth devices and scan for unauthorized devices.

Bluetooth Hack Lexicon

  • Bluesnarfing

This is when an attacker uses a wireless Bluetooth connection to “pair” or synchronize with another mobile phone to gain access to information on the target device, such as address books and e-mails. It could be used to exploit applications such as Outlook to burrow back into an enterprise network or to insert a worm into the device.

  • Bluebug attack

This is when an attacker uses the serial port emulation capabilities of Bluetooth to gain control of a target phone, which would then allow a hacker to make unauthorized calls, read SMS messages and connect to data services.

  • Bluejacking

This is when an attacker uses a wireless connection to send text messages to any other mobile phone within a 30-foot range and exploits the electronic handshake between devices, which initiates the pairing process.

Sources: A.L. Digital, AirDefense and Red-M