From the AEGIS e-Journal, Volume 7 Number 6, June 2004
One of the exciting new additions to the world of cellular devices is Bluetooth. Bluetooth-enabled devices allow all sorts of interesting communications, including connections to laptops, to wireless headsets, to car hands-free kits, to local devices which will send you sales messages, and even to devices to allow you to make purchases. The less exciting news is that in November 2003, Adam Laurie of A.L. Digital Ltd. discovered flaws in the authentication / data transfer mechanisms on some Bluetooth-enabled devices. At the moment some ÆGIS, June 2004 9 Nokia and Sony Ericsson devices have the theoretical potential to cause you some problems. (We are given to understand that Sony Ericsson has made an effort to fix the problem, and that Nokia said the problem is not serious enough to warrant repairing.) Bluejacking (originally a way to send messages to another handset based on “discovering” their Bluetooth device, including messages which will re-set certain devices) and bluesnarfing allow hackers to download text messages, phone lists. Bluesnarfing also allows remotely tampering with handsets to enable them to be used as listening devices. This means that someone could, without your knowledge, download all the information on your handset. And they could in essence make a silent call to them, and listen in on whatever is being said. In addition, there are companies that offer services which allow you to track specific handsets. This is generally done to track sales people, and for other similar, legitimate reasons. But with some handsets, an unscrupulous hacker can use Bluetooth to surreptitiously insert the activation code, and be able to track the handset 24 hours a day, without the owner of the handset being aware it is being tracked. How serious is this? Well, if you don’t care about sharing your information, it isn’t serious at all. If sharing your information, or being listened-in on, or being tracked would present a problem, then it is at least a concern. How do you deal with this? If you have a Bluetooth device, keep it in hidden (not visible or discoverable) mode. Even better, turn off Bluetooth if you don’t actually use the feature.