BLUETOOTH SECURITY

Radio-wave frequency communication between computers and other devices is increasing and is almost certain to continue increasing. Throughout the first world and in much of the third world transmission stations, antennas and other infrastructure that encourages wireless communication are being steadily put into place.

Even Jerusalem is scheduled to be ‘wi-fied’ within two years, including the Arab neighborhoods. The Arab League considers such unregulated access a threat:

Cairo, August 24(SANA-Official Syrian News Agency): www.sana.org/english/headlines/24-8/arab_league1.htm

In the words of IMRA (Israel Media Review and Analysis):

[IMRA: A joint initiative by the Municipality of Jerusalem, Intel and Compumat Computers Ltd., together with the Jerusalem Business Development Authority, may turn the Holy City into the world’s first wireless fidelity (WiFi) city within two years. Users in most areas of the city will be able to surf the Internet wirelessly.]

Arab League (AL) condemned the Israeli project on turning al-Kudos (the Arab name for Jerusalem) city to a so-called Great Internet City, asserting that the aim of this project is to liquidate the Arab identity of it and to change its historical and archeological features.

In a statement issued on Tuesday, the AL said that the project aims at imposing a de facto on the city in a way that serves the Israeli interests under the pretext of encouraging the foreign investments.

(End of IMRA comments)

If the user has Bluetooth devices, he or she will not only be able to surf the internet wirelessly, but communicate with any other Bluetooth enabled device in Jerusalem. And not only in Jerusalem, but anywhere in the world that is similarly wired. You can see why dictatorial regimes consider radio-frequency communication a threat.

Security is a major issue with Bluetooth. Radio waves can be intercepted. This has been addressed by the organizations promoting Bluetooth. These organizations’ take on the effectiveness of Bluetooth’s security measures is much more positive than those of critics.

Let’s get down to details.

A recent article in ZDNet discussed the latest security concerns as of April 2004. Here’s an excerpt:

VANCOUVER, British Columbia–The latest specification of Bluetooth, a popular short-range wireless technology, has left serious security issues unfixed, according to a wireless researcher.

The glitch in the Bluetooth 1.2 technology is related to how it deals with the personal identification number (PIN) that’s used to protect data, Ollie Whitehouse, a researcher for digital security firm @Stake, said at the CanSecWest security conference here on Wednesday.

An analysis of the specification has shown that the identifier can be broken, according to Whitehouse. This can be done using specialized hardware to capture certain data transferred between Bluetooth-enabled devices when they first contact each other. Once the information is collected, an eavesdropper could listen to cell phone calls, grab personal information as it is synchronized with a computer or counterfeit signals from one device to the other.

“People who use Bluetooth, if they use short PINs, are exposing data on the device,” Whitehouse said. “Moreover, people who wander around with an active Bluetooth device may be tracked by a knowledgeable security person.”

The discovery is the latest security problem to be found with Bluetooth technology. Previous attack approaches have gone by such colorful names as “Redfang,” which exposes the location of hidden Bluetooth devices, and “Bluestumbling” (also known as “Bluesnarfing”), which allows an attacker to grab information from certain makes of phones that have poorly implemented security.

The entire article is at:
zdenet.com.

The defects are in software, not hardware. You can download the latest drivers – little pieces of software that tell the computer’s operating system what to do with the hardware – from the specific manufacturer’s site.

For a whole list of articles, I performed a Google search on Bluetooth and security. You can view the results here.

In short, Bluetooth security is not up to snuff as yet. Hackers can break in. As with Spyware and other intruders, the hardware companies are working fast to plug up the holes. It’s only a matter of time until companies like Symantec and Webroot (manufacturer of Spy Sweeper) get into the Bluetooth security business.

In the meantime you’ll be filling up security holes by downloading updated drivers from your manufacturers’ sites. It is not difficult to do so. Many have automatic updating, as with Windowstm or Norton AntiVirustm..

In the meantime there are effective ways to encrypt your data or conversations before they are transmitted – by using PGP. We’ll get to that, and its shortcomings with Bluetooth, in next week’s discussion. In the meantime I won’t be using Bluetooth devices. However, I expect that in the next several months the major security gaps will be plugged. You won’t be completely secure, but you never are, these days.

Dennis Turner