Bluetooth group downplays security risks

The Bluetooth Special Interest Group (SIG) has dismissed security fears about the technology, claiming any flaws in it are limited to a small number of mobile phones - although it has detailed measures that concerned users can take to secure a wide range of Bluetooth devices.

Bluetooth is primarily a short-range wireless technology that operates in the same 2.4GHz frequency band as wireless LANs. It's used as cordless replacement to connect a wide range of devices, such as mobile phones, to each other in a process known as "pairing" and can also serve as the link between a phone or handheld computer and Bluetooth wireless printers.

Marketing director of the Bluetooth SIG, Mike McCamon, said Bluetooth device shipments had now hit a million per week and that any security problems with the wireless technology were limited to a handful of phones manufactured by Nokia and Sony Ericsson.

Those phones, which include Sony Ericsson's R520m and T68i phones and Nokia's 6310, 6310i, 8910 and 8910i phones, are susceptible to a hacking technique known as "bluesnarfing," according to Nick Hunn, a Bluetooth security expert and sales managing director at TDK Systems Europe.

Flaws in these phones could allow hackers to access data such as information stored in address books or calendars, he said. Both Nokia and London-based Sony Ericsson are developing patches for the older phones, while newer models won't be vulnerable to a bluesnarfing attack, Hunn said.

Nokia said that it views any security threat from bluesnarfing as minimal and that the technique could be easily prevented by setting Bluetooth on the phones to a "hidden" mode.

That made intrusion more difficult since the hacker would have to know or guess the Bluetooth address before establishing a connection, the company said.

Sony Ericsson couldn't be reached for comment.

Hunn and McCamon agreed with Nokia's recommendations.

They said users should turn off a feature that allows one Bluetooth-equipped device to easily detect or "discover" another. "Always make sure your devices are not discoverable," McCamon said.

Every Bluetooth device has a name, which users can change, and he suggested that each user choose one that doesn't readily identify his device.

Hunn said concerned Bluetooth users should keep in mind that the easiest way to obtain data from a mobile phone wasn't through illicit Bluetooth access, but from phones that had been lost.

More about: Bluetooth Special Interest Group, Ericsson, HIS Limited, Nokia, Sony, Sony Ericsson, TDK

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/171/gadwin-web-snapshot/

Gadwin Web Snapshot

Gadwin Web Snapshot will effectively capture the entire page including all design elements when capturing web pages. It makes an image of the browser’s content ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia