Avoid wireless attacks through your Bluetooth Windows Mobile

Posted by bink on October 12 2005, 3:14 PM. Posted in Blue Tooth.

Bluetooth® wireless technology is included with many cell phones and PDAs. It was initially designed to let you swap documents between other Bluetooth devices without the use of annoying connecting cables, but has since expanded to provide services such as Web connectivity and online game playing. However, any time you transmit information online, you can be vulnerable to online attack; and as the popularity of Bluetooth increases, so does its interest to cybercriminals.

The Bluetooth process and vulnerabilityWhen it's set to "discoverable" mode, your Bluetooth cell phone or PDA sends a signal indicating that it's available to "pair" with another Bluetooth gadget and transmit data back and forth. However, an attacker who detects this signal could also attempt to pair with your device and hack in to steal your personal identification number (PIN). You could remain blissfully unaware, while the attacker, with your PIN in hand, could be:

• Stealing information stored on your device, including contact lists, e-mail, and text messages. • Sending unsolicited text messages or images to other Bluetooth-enabled gadgets. • Accessing your mobile phone commands, which allows the attacker to use your phone to make phone calls, sent text messages, read and write phonebook contacts, eavesdrop on conversations, and connect to the Internet. • Installing a virus on your device that could wreak the same kind of havoc as a virus could on your computer—for example, slowing or disabling your service, or destroying or stealing information. Criminals have also been known to drive around with Bluetooth detectors, looking for cell phones and PDAs to infiltrate; and to outfit laptop computers with powerful antennas in order to pick up Bluetooth signals from as far as a half-mile away. The latest forms of high-tech attack even include forcing Bluetooth devices to pair with the attacker's device when they are not in the discoverable mode. (It's also very labor-intensive, so targets tend to be individuals known to have a very large bank account or hold expensive secrets.)

Tips to improve your Bluetooth security• Keep your Bluetooth setting to "non-discoverable" (transmission-disabled) and only switch it to "discoverable" when you're using it. Just leaving your cell phone or PDA in the discoverable mode keeps it dangerously open for Bluetooth transmission—a Bluetooth user within up to a 30-foot range can receive your signal and potentially use it to access your device as you walk around town, drive, or even walk through your office. • Use a strong PIN code. Codes of five digits or longer are harder to crack. • Avoid storing sensitive data such as your social security number, credit card numbers, and passwords on any wireless device. • Stay up-to-date on Bluetooth developments and security issues, and regularly check with the manufacturer of your device for news on software updates or any specific security vulnerabilities. More Bluetooth tidbitsQ: Why is this technology called Bluetooth?A: Just as Bluetooth wireless technology links two different gadgets together, the 10th century Danish king Harald "Blatand" united the separate kingdoms of Denmark and Norway. "Blatand" loosely translates to "Bluetooth" in English.

Q: What does it mean when someone gets "Bluejacked"?A: "Bluejacking" is one of many terms of Bluetooth attack jargon:

• Bluejacking: sending unsolicited text messages • Bluesnarfing: stealing information • Bluebugging: stealing mobile phone commands • War-nibbling: driving around looking for Bluetooth signals to attack • Bluesniping: using a laptop and powerful antenna to attack from a distance