Wednesday, October 12, 2005

Securing Bluetooth Devices

As Bluetooth becomes more pervasive, it's likely to become the target of more security threats.
With the ability to act as a wireless networking method between devices up to 30 feet apart, Bluetooth technology is integrated into a range of devices, including cell phones, notebooks, and PDAs. Cars like the Toyota Prius are Bluetooth-enabled, as are a number of specialty products, from medical equipment to gaming consoles. Even Microsoft Windows XP SP2 includes Bluetooth support.
Bluetooth devices are subject to various security threats. While they aren't yet near the level of those associated with Wi-Fi networks, expect that to change as Bluetooth's popularity grows. Don't let the short operating range fool you: in a world where most people have cell phones, a Bluetooth-related risk may be as near as the person in line behind you or in the car next to you.
In order to communicate, Bluetooth devices must first "pair" with one another. While there are Bluetooth-enabled devices you would want to pair with—your PDA and printer, or your cell phone and notebook—you generally don't want your device paired with that of an anonymous user. Bluetooth handles such situations with various security modes, but it's up to you to see that they're enabled. If you leave your device in "discoverable" mode, any Bluetooth user within range can try to communicate with it.
The Bluetooth specification is largely secure; it's possible to pair devices so that information passed between them is encrypted. But there have been problems on the implementation side; a prime example is the Cabir virus, which spread via Bluetooth connections and infected cell phones using the Symbian Series 60 interface by exploiting a vulnerability specific to the Symbian code. Not every Bluetooth-related security risk is platform-specific, however.
Bluetooth's popularity has given rise to a series of security risks known as bluejacking, bluebugging, and bluesnarfing. In bluejacking, a person discovers and then anonymously sends a business card to another Bluetooth device. Bluebugging is more serious, in that it lets another Bluetooth user connect to and issue commands on a remote cell phone or PDA, using it to make calls, send text messages, or even eavesdrop on conversations. Bluesnarfing lets a Bluetooth user connect to other devices in range, in order to gain access to their contacts, calendar, and more. As users store more personal information on Bluetooth devices, the need to address potential security and privacy threats becomes more pressing.
Thankfully, securing Bluetooth devices isn't too difficult. Pair your devices securely, using a strong (eight characters or more) PIN code. Always pair them in a private location to reduce the chances of your PIN code being cracked. To eliminate the risk of unknown users accessing your device, configure it to function in Bluetooth's nondiscoverable mode.
Periodically check the vendor's Web site for updates or security patches for your device. Even cell-phone manufacturers now post security patches for their products as vulnerabilities are discovered. Applying these updates can be the difference between leaving your device exposed to the latest threats and avoiding such dangers completely.
Never accept Bluetooth messages or pairing requests from unknown users. The Cabir virus infected systems only when users accepted its incoming message and then chose to install the attached file. Take the same precautions with a Bluetooth request as you would with an e-mail message with a suspicious attachment.
As the reach of Bluetooth grows, it may become an increasingly popular target for security threats, including viruses, hacking attempts, and, potentially, Trojan horse-style attacks. It's worth giving the protection of your Bluetooth devices more than just a cursory thought, and doing so before the first big wave of Bluetooth security risks hits.

1 comment:

sarah said...

Wow, that was extremely insightful, you truly are a life saver! I will have to tell my intellectually inclined friends about this. I like this article very much! I would also like to share with you some good ideas about laptop battery.