Bluetooth: Those Spying Eyes

With the use of Bluetooth technology on the upswing, security concerns are on the rise as well. Sure enough, Israeli cryptographers recently discovered a security flaw in the wireless technology that allows hackers to virtually hijack Bluetooth devices and infiltrate the networks they're connected to. Though the vulnerability is still in the discovery stage, the thinking is it will soon be exploited, so perhaps there are some proactive steps you can take to minimize potential problems.

Bluetooth is a short-range technology, so hackers must be physically close to prospective victims. At first it was thought that they could only eavesdrop on users' communications, but the Israeli researchers discovered that hackers can force their way into a Bluetooth session by masquerading as a device that has already been paired with a target and assume control of it.

According to Ollie Whitehouse, architect of Symantec's research division, infiltration is possible anywhere large groups of people are using Bluetooth for extended periods, e.g., in an airport. Whitehouse and his colleagues have coined the term "war nibbling" to describe the act of taking a lot of small bits of data.

In addition, a Bluetooth device in nondiscovery mode cannot detect other devices looking for available connections, allowing hackers to bypass the first layer of security. Whitehouse says Bluetooth devices also create a unique problem for businesses because they're designed primarily for personal use. "The uses for Bluetooth can't be dictated as easily by enterprises, and it has a different personal impact on users because the devices are their own, rather than belonging to the company," he says. "Because of this, it makes it possible for outsiders to enter a corporate network through the back door."

The Bluetooth Special Interest Group (SIG) says the researchers' claims are "an academic analysis of Bluetooth security," and that it's unlikely an everyday user would fall victim to such an attack. "Understanding the Bluetooth pairing process is an important defense," SIG says.

Whitehouse doesn't disagree, but says organizations need to respond proactively with a multipronged approach that includes identifying whether a network has any known violated devices, educating employees, revising their IT policies wherever necessary and giving solution providers control over potential technologies, such as encryption.

The security issue has popped up repeatedly for VARs who play in the wireless space. The good news is, the problems usually have the same remedy: multilayered security products and services combined with better user education and monitoring of organizational policies.

Adam Gray, CTO of Novacoast, a Symantec partner in Santa Barbara, Calif., says that many potential problems can be mitigated with some simple fixes. "Bluetooth isn't very different from other technologies; our first recommendation to users is to not use the default password or no password at all, and to turn it off if they're not using it," he says. "After that, it's important to develop security policies you can train and test against, because without that ability, the policies will be of no help."

Despite assurances that Bluetooth-specific security tools are on the way, few standalone products are actually on the market today. More frequently, it has been the case that broader security solutions incorporate support for Bluetooth. Such is the case with Windows XP Service Pack 2, which protects Bluetooth devices with help from RSA's SecurID authentication application. In addition, Check Point Software's VPN-1 products, Trend Micro's MobileSecurity 2.0 and Cisco's SAFE Blueprint for wireless networks all provide some level of Bluetooth protection. That said, it will probably take at least a few more months before vendors can create more focused security tools for Bluetooth devices, and even these new products are likely to be part of more comprehensive wireless security packages. --L.H.