Get ready -- Bluetooth is coming

Despite its inherent security risks, Bluetooth is obviously taking hold. Network managers are warned to start taking notice.

This Content Component encountered an error

Evidenced by the astounding number of cyborg-looking executives donning silver earpieces while waiting in line at Starbucks, the use of Bluetooth technology is on the rise.

Bluetooth, the attractive short-range wireless service designed initially for cordless earpieces for mobile phones, is heating up. More devices are being sold and more people are using them. Not only is it visible at Starbucks, but it can be seen in airports, offices and on every method of public transportation. According to Midvale, Utah-based Burton Group, this could be the year Bluetooth takes hold in the enterprise space. And while the technology may be ready, the question remains whether network managers can control its eventual office infiltration.

In a recent report titled "Bluetooth: Not Just a Flash in the PAN [personal area network]," Burton Group vice president and service director Michael Disabato cautions that the proliferation of Bluetooth-enabled devices should already be popping up on all mobile managers' radar screens, especially because many may not know that Bluetooth has penetrated the corporate walls.

"While network managers may seek to control Bluetooth within the enterprise, the proliferation of Bluetooth-enabled mobile phones, laptops and personal digital assistants (PDAs) will bring Bluetooth through the enterprise door in much the same way the initial Palm handhelds entered -- without the knowledge of the information technology (IT) department," Disabato wrote.

Lisa Phifer, vice president of Core Competence Inc., a consulting firm specializing in network security and management technology, agreed, warning managers that they have to start taking notice.

"Embedded Bluetooth has become common enough that enterprises can no longer escape it," she said. "Laptops and phones are just showing up with Bluetooth on board now, so companies must have a policy for what to do with these interfaces -- even if the policy is to enforce that Bluetooth is turned off."

Aside from defining policies, another major concern as Bluetooth starts to plant its foot firmly in the enterprise is its potential to open up security holes. Bluetooth still has questionable security, according to Phifer, with a host of attacks -- including Bluejacking, Bluesnarfing, Bluebugging and BlueSniper Rifle -- that can intercept data or plant malicious code.

"Bluetooth presents a real problem," she said. "There are dozens of Bluetooth attacks, and most embedded Bluetooth devices will just be enabled in a promiscuous discovery mode, with default or no PIN. While it is true that one must be relatively close to a Bluetooth device to connect to it, there are many business situations in which that will be true."

For more information

Discover more with our Bluetooth learning guide

2004 was also supposed to be Bluetooth's year

 Phifer said a recent wait at a Chicago airport opened her eyes to Bluetooth's growth and some potential security dangers. She saw well over a dozen passengers with Bluetooth headsets linked to phones and PDAs, many of which probably contained sensitive business data and contact information. She didn't "sniff" to find out, but Phifer said she would guess that at least a few of the more than 20 laptops nearby were also running Bluetooth, exposing even more information to a possible Bluetooth-borne attack.

Further illustrating Bluetooth's recent growth, shipments of Bluetooth-enabled devices reached 318 million units last year, Disabato wrote -- nearly enough for every person in the U.S. and Canada to have a Bluetooth device. He said that although it originally failed to live up to its billing as a replacement for 802.11b, Bluetooth is joining the ranks of Ethernet cards and modems as standard ingredients in mobile phones, smart phones, PDAs, laptops and other devices. And Bluetooth is now starting to see use in industrial and retail environments, where being tethered could hinder business.

Phifer is cautious not to overstate Bluetooth's risks, but she said its proliferation and the potential for attack should be enough to open a few eyes and draw network managers' attention.

"I think we've reached a point similar to the early days of Wi-Fi, where it became common enough and was inherently insecure enough that there was plenty of low-hanging fruit to be picked, and thus the [business] risk became too big to ignore," she said. "The answer is a combo of securing those unsecured devices and asserting IT control over acceptable Bluetooth use and enforcement of required security measures and practices."

Craig Mathias, principal at the Farpoint Group, an Ashland, Mass.-based research and advisory firm, also noted that security troubles could make enterprise-wide control over Bluetooth a hurdle.

"The big issue for the enterprise, if you have personal data stored on a device with Bluetooth enabled and security disabled, is how it is managed and enforced," Mathias said.

A growing number of companies already have policies dictating how certain mobile technologies should be used. Daniel Taylor, managing director of the Mobile Enterprise Alliance, said Bluetooth will add to mobile managers' responsibilities, when it comes to enforcing security and usage policies.

"Bluetooth adds a set of technologies that must be managed as part of this process, and Bluetooth-specific vulnerabilities clearly increase the risk profile for unmanaged mobile devices and computing environments," Taylor said. "A growing number of IT departments already have mobile device management programs in place, and these organizations have no need to worry about Bluetooth."

Those management programs include everything from enforcing how users set and use device security, to which applications are allowed to run on which devices. IT shops already manage tools to disable other devices, such as digital cameras, games and media players, so adding a Bluetooth-specific set of policies shouldn't present much of a challenge to cut down on security risks and unauthorized use, according to Taylor. The challenge comes, however, when it's time to define the policies designed to control Bluetooth.

"What's truly difficult is defining the policies and implementing a company-wide program for managing mobile devices," Taylor said. "Bluetooth won't make that any easier."

Despite the ever-increasing numbers of Bluetooth-enabled devices, some experts still question whether it is positioned to take a bite out of the enterprise space.

Bluetooth presents a real problem. There are dozens of Bluetooth attacks, and most embedded Bluetooth devices will just be enabled in a promiscuous discovery mode, with default or no PIN.
Lisa Phifer
Vice PresidentCore Competence Inc.

 John Shepler, an expert and columnist with T1Rex.com and T1 Rex's Business Telecom Explainer, questioned whether this is really Bluetooth's year in the enterprise or whether it will continue to be simply a neat consumer technology.

"The primary use is hands-free telephone calls," Shepler said. "It's common now to see people wandering through stores with those Bluetooth headsets on their ear. Last year, that would have been a real rarity."

In the past, along with security problems, Bluetooth has been plagued by being able to work only at short distances and slow speeds, but with Bluetooth poised to work in concert with ultra-wideband (UWB), faster file transfers and greater reach could be on the horizon. Craig Mathias said the ability of Bluetooth to work across multiple physical layers may breathe even more life into the technology, making it more attractive to enterprises.

Mathias added that "Bluetooth died and was resurrected," but how long that second life will last remains to be seen.

Shepler also said Bluetooth's alliance with UWB could boost its use in the enterprise, but he thinks its core uses will remain in cell phones and other personal device connections that use USB wiring. He predicts, though, that Bluetooth use will continue to flourish and not fade away.

"I understand that there is now a move on to base the next generation of Bluetooth on UWB technology to expand the range of Bluetooth but keep it within office walls and not interfering with other wireless devices," Shepler continued.

Avi Greengart, principal analyst, mobile devices, for Current Analysis, said Bluetooth currently is best applied for wireless headset and in-car speakerphone use, but more business-centric uses may not be too far behind.

"Bluetooth may, at some point, be used as a ubiquitous wireless connectivity standard," he said. "The Bluetooth SIG is certainly moving things in that direction by adopting UWB for its next-generation spec. But that is several years off."

According to Burton Group, new Bluetooth specifications are scheduled for completion by early 2007. The challenge lies in adapting to the myriad radio frequency regulations and making Bluetooth compatible with UWB, which could be two or three years away.

Whether Bluetooth is on the horizon or ready to be cemented in the enterprise this year, it is time to take it seriously as an enterprise-ready technology, according to Michael Disabato.

Bluetooth, he wrote, is "far from dead as a networking technology. Because most technologies take about 10 years to reach critical mass, Bluetooth is well ahead of the curve. Bluetooth will not be a replacement for WLANs, but it is an excellent network infrastructure for many applications that work at moderate speeds and consume little power."

Disabato's conclusion from the report sums it up this way: "Bluetooth is here to stay, and it provides a wide range of applications, many driven by legal requirements and operational environments."

Dig deeper on Mobile Policies

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchConsumerization

SearchNetworking

SearchTelecom

SearchUnifiedCommunications

SearchSecurity

Close