Class 1 standard easy for hackers to exploit, says security firm
vnunet.com, 17 Dec 2003
Security experts have warned of the need to take care as new Bluetooth devices with a transmission range of up to 100 metres arrive.
Security consultant @stake believes that devices conforming to the latest Bluetooth standard represent a potential crisis similar to the introduction of wireless local area networks based on the 802.11b Wi-Fi standard.
The firm expects that Class 1 Bluetooth will appear on everything from laptops to mobile phones, allowing hackers to gain access to sensitive information.
Ollie Whitehouse, director of security architecture at @stake, said in a statement: "With this class of device, wireless transmission of information leaves the office environment and travels anywhere an employee does.
"This means that third parties can access information without penetrating the physical security of an office or dealing with the problems of circumventing existing network security.
"The onus really is on vendors to ensure that all devices are optimised for security before they are put in the hands of customers."
In a recent white paper, @stake warned that even non-discoverable devices still respond to direct name and service enquiries and are therefore open to detection and attack.
Other common problems identified include Windows 2000 hosts configured to connect to all Bluetooth devices, and Windows registries that retain details of all devices to which they have been connected.
Another potentially serious problem centres on mobile phones that retain pairing information details when Sim cards are swapped.
This means that a third party that has access to a phone for even a few minutes can place a bond on it and use it as a platform for future attacks.
"The very real risks of Bluetooth will only multiply as adoption increases and the drivers vary from their default configurations," said Whitehouse.
"Many vendors release Bluetooth products with a best effort approach to security that can only compromise the integrity of the information held on those devices.
"Vendors should understand these issues and risks and develop mechanisms for delivering security out of the box. While it is not a time to panic, it is certainly a time to act."
Threat of 'bluesnarfing' attacks prompts wireless ban until security can be guaranteed
Content and apps developers face make or break year, warns analyst
Developers set to cash in on expanded market, predicts analyst
Remote access - Three steps to getting connected
3.4 million UK professionals now work from home – is your company equipped?
Cost benefits of a global collaboration network
This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.
We chat to Mike Maddison, UK head of Security, Privacy...
Update designed to give mobile users a richer, more personalised...
More thoughts on how servers can help manage overload
Do you agree?
Have your say on this article