Bluetooth was prominently featured at the recent Black Hat and Defcon security conferences in Las Vegas. However, supporters of the technology won't be too happy knowing that a number of security experts who attended the shows described, as well as demonstrated, a number of its flaws by downloading contact information and reading text messages on the devices of unsuspecting bystanders.
Although more individual users of Bluetooth technology are aware of "bluejacking/bluesnarfing" practices, it seems that businesses, especially their IT departments, that employ Bluetooth still haven't fully realized the potential damage that can be caused by these flaws. However, some of the leading Bluetooth-enabled device makers like Nokia and Sony Ericsson say they have been addressing the security problems and will continue to do so.
Should we be concerned about this, or are there enough wireless technologies to go around that these "problems" can be categorized as "overstated"?
"Bluetooth is a silent killer," said Stan Schatt, a vice president and research director with Cambridge, Mass.-based Forrester Research Inc. "You can look at someone and not know that they have a Bluetooth device, yet they can still do damage."
The short-range 2.45 GHz wireless technology is being embedded in more manufacturers' mobile devices. Wireless phones and headsets are most popular, but it is also being embedded in printers, PDAs, laptops and other devices. It is most often used to replace cords for headsets, synch mobile devices with PCs or share contact information between devices.
According to the Scottsdale, Ariz.-based research firm In-Stat/MDR, 69 million Bluetooth chips shipped in 2003. By 2008, the firm expects 720 million units to ship each year.
While Bluetooth is prevalent, it has very little use in a business context and therefore is rarely managed by IT departments, Schatt said. Generally, the technology is embedded in the devices that employees bring into the office. Now that these devices are becoming more commonplace, hackers are finding ways to exploit the technology's weakness.
For instance, Bluetooth can be used to download information stored on a mobile device, including contact lists and passwords. It can also be used to make calls using another person's device. Bluetooth can even be used to take over another device and send SMS messages, or to listen in on conversations.
