Bluetooth's flaws were in the spotlight at last week's Black Hat and Defcon security conferences in Las Vegas....
Security professionals demonstrated vulnerabilities in the wireless technology by downloading contact information and reading text messages on the devices of unsuspecting bystanders.
This comes on the heels of software upgrades from device makers Nokia Corp. and Sony Ericsson that address Bluetooth's security problems. Even though Bluetooth is seemingly more insecure than ever, it is infiltrating businesses at a tremendous rate.
"Bluetooth is a silent killer," said Stan Schatt, a vice president and research director with Cambridge, Mass.-based Forrester Research Inc. "You can look at someone and not know that they have a Bluetooth device, yet they can still do damage."
The short-range 2.45 GHz wireless technology is being embedded in more manufacturers' mobile devices. Wireless phones and headsets are most popular, but it is also being embedded in printers, PDAs, laptops and other devices. It is most often used to replace cords for headsets, synch mobile devices with PCs or share contact information between devices.
According to the Scottsdale, Ariz.-based research firm In-Stat/MDR, 69 million Bluetooth chips shipped in 2003. By 2008, the firm expects 720 million units to ship each year.
While Bluetooth is prevalent, it has very little use in a business context and therefore is rarely managed by IT departments, Schatt said. Generally, the technology is embedded in the devices that employees bring into the office. Now that these devices are becoming more commonplace, hackers are finding ways to exploit the technology's weakness.
For instance, Bluetooth can be used to download information stored on a mobile device, including contact lists and passwords. It can also be used to make calls using another person's device. Bluetooth can even be used to take over another device and send SMS messages, or to listen in on conversations.
"Bluetooth needs to be on the radar screen of IT departments," he said.
Bluetooth also complicates patch management, Schatt said, because it is tougher to push out updates to cell phones and other handheld devices than it is to PCs.
Despite its problems, Bluetooth is becoming so prevalent that it is not practical to ban the technology. Businesses should therefore incorporate it into their wireless strategies.
Employees also need to be educated on how to use Bluetooth and on the kinds of security vulnerabilities it may present. Mathias recommends handing out a card with Bluetooth information to every cell phone user.