Bluetooth group downplays security risks
- 14 May, 2004 07:00
The Bluetooth Special Interest Group (SIG) has dismissed security fears about the technology, claiming any flaws in it are limited to a small number of mobile phones - although it has detailed measures that concerned users can take to secure a wide range of Bluetooth devices.
Bluetooth is primarily a short-range wireless technology that operates in the same 2.4GHz frequency band as wireless LANs. It's used as cordless replacement to connect a wide range of devices, such as mobile phones, to each other in a process known as "pairing" and can also serve as the link between a phone or handheld computer and Bluetooth wireless printers.
Marketing director of the Bluetooth SIG, Mike McCamon, said Bluetooth device shipments had now hit a million per week and that any security problems with the wireless technology were limited to a handful of phones manufactured by Nokia and Sony Ericsson.
Those phones, which include Sony Ericsson's R520m and T68i phones and Nokia's 6310, 6310i, 8910 and 8910i phones, are susceptible to a hacking technique known as "bluesnarfing," according to Nick Hunn, a Bluetooth security expert and sales managing director at TDK Systems Europe.
Flaws in these phones could allow hackers to access data such as information stored in address books or calendars, he said. Both Nokia and London-based Sony Ericsson are developing patches for the older phones, while newer models won't be vulnerable to a bluesnarfing attack, Hunn said.
Nokia said that it views any security threat from bluesnarfing as minimal and that the technique could be easily prevented by setting Bluetooth on the phones to a "hidden" mode.
That made intrusion more difficult since the hacker would have to know or guess the Bluetooth address before establishing a connection, the company said.
Sony Ericsson couldn't be reached for comment.
Hunn and McCamon agreed with Nokia's recommendations.
They said users should turn off a feature that allows one Bluetooth-equipped device to easily detect or "discover" another. "Always make sure your devices are not discoverable," McCamon said.
Every Bluetooth device has a name, which users can change, and he suggested that each user choose one that doesn't readily identify his device.
Hunn said concerned Bluetooth users should keep in mind that the easiest way to obtain data from a mobile phone wasn't through illicit Bluetooth access, but from phones that had been lost.