Bluetooth Security Review

If you’ve got a Bluetooth-enabled cellular phone, you should be aware of the security implications of making use of the Bluetooth features. Marek Bialoglowy has posted the first article in a two-part series entitled Bluetooth Security Review over at Security Focus.

While the good news is your chances of being hacked are very slim (especially if your Bluetooth service is in undiscoverable mode), Bluetooth is an insecure protocol. As discussed in the article, a determined attacker can snag your address book, read SMS messages, and even send and receive SMS and phone calls through your phone. He also discusses some tests he ran, including the social engineering aspect of hacking Bluetooth phones.

In otherwords, stay in undiscoverable mode if you can, and don’t accept Bluetooth connections without verifying the identity of the sending unit as best you can.

The next article should be more interesting, as he’s going to discuss long-range attacks with antennas and different software. This probably means he’ll discuss the BlueSniper “rifle” and similar gadgets. With the BlueSniper, security researcher John Hering was able to grab an address book off a phone from a distance of 1.1 miles!

Learn your Bluetooth security now, as you never know who’s listening. Or who will be in the future… Bluesnarfing is as easy as wardriving given the widespread availability of cheap Bluetooth USB dongles. Between this issue and the appearance of Bluetooth viruses, we best hope manufacturers start developing a more secure wireless method soon.