Article

Bluetooth: Security's 'silent killer'

Jim Rendon

Bluetooth's flaws were in the spotlight at last week's Black Hat and Defcon security conferences in Las Vegas. Security professionals demonstrated vulnerabilities in the wireless technology by downloading contact information and reading text messages on the devices of unsuspecting bystanders.

This comes on the heels of software upgrades from device makers Nokia Corp. and Sony Ericsson that address Bluetooth's security problems. Even though Bluetooth is seemingly more insecure than ever, it is infiltrating businesses at a tremendous rate.

"Bluetooth is a silent killer," said Stan Schatt, a vice president and research director with Cambridge, Mass.-based Forrester Research Inc. "You can look at someone and not know that they have a Bluetooth device, yet they can still do damage."

The short-range 2.45 GHz wireless technology is being embedded in more manufacturers' mobile devices. Wireless phones and headsets are most popular, but it is also being embedded in printers, PDAs, laptops and other devices. It is most often used to replace cords for headsets, synch mobile devices with PCs or share contact information between devices.

According to the Scottsdale, Ariz.-based research firm In-Stat/MDR, 69 million Bluetooth chips shipped in 2003. By 2008, the firm expects 720 million units to ship each year.

While Bluetooth is prevalent, it has very little use in a business context and therefore is rarely managed by IT departments, Schatt said. Generally, the technology

    Requires Free Membership to View

is embedded in the devices that employees bring into the office. Now that these devices are becoming more commonplace, hackers are finding ways to exploit the technology's weakness.

For instance, Bluetooth can be used to download information stored on a mobile device, including contact lists and passwords. It can also be used to make calls using another person's device. Bluetooth can even be used to take over another device and send SMS messages, or to listen in on conversations.

For more information

Learn how Red-M's WLAN monitor helps avoid Bluetooth danger.

 

Read our exclusive: Gartner advises firms to deactivate Bluetooth.

Mobile device data is typically not pivotal to an enterprise's security, said Craig Mathias, a principal with Framingham, Mass.-based research firm, Farpoint Group. Nonetheless, he said businesses should determine whether they are at risk by learning how much sensitive business data is stored on workers' handheld devices.

"Bluetooth needs to be on the radar screen of IT departments," he said.

Bluetooth also complicates patch management, Schatt said, because it is tougher to push out updates to cell phones and other handheld devices than it is to PCs.

Despite its problems, Bluetooth is becoming so prevalent that it is not practical to ban the technology. Businesses should therefore incorporate it into their wireless strategies.

Employees also need to be educated on how to use Bluetooth and on the kinds of security vulnerabilities it may present. Mathias recommends handing out a card with Bluetooth information to every cell phone user.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: