Wednesday, September 26, 2007

Bluetooth Hacking

According to research firm Insight Express, 73 percent of mobile device users are not aware of the security risks associated with Bluetooth-equipped devices. Ooi Szu-Khiam, senior security consultant at Symantec Singapore, told ZDNET in an email that in the past year, numerous mobile viruses, worms and Trojan horses have emerged, and their evolution is cause for concern. These potential risks are commonly known as bluejacking, bluesnarfing, and bluebugging to techies and security experts, and they're all bad news for your phone. You can read more about these threats in detail over at ZDNET, but here's a quick rundown:
  • Bluejacking is a technique used to send unsolicited text messages to mobile users via Bluetooth.
  • Bluesnarfing is the unauthorized access of information on your phone through a Bluetooth connection. This attack allows hackers to copy data off your phone, including contact lists, emails, text messages, and even private videos or photos.
  • Bluebugging is the most serious threat of all. A hacker has the ability to initiate phone calls, send and receive text messages, read and write phonebook contacts, eavesdrop on phone conversations, and connect to the Internet.

What you can do

Ooi suggests users install security software on their mobile devices that includes antivirus, firewall, anti-SMS spam, and data-encryption technologies. He also recommends users take the following precautions:

  • Stay offline: Turn off features that you are not using. If you have a Bluetooth-equipped device and do not need the function, then don't turn it on.
  • Stay invisible: If you are using the Bluetooth function and don't require your device ID to be visible to others, make sure the device's visibility setting is set to "hidden" so malicious hackers will not be able to scan and search for it.
  • Verify incoming transmission: Do not accept and run attachments from unknown sources unless you are expecting them. For example, if you receive a message to install an application and you don't know its origin, don't run it.
  • Use passwords: Ideally, use passwords with a large number of digits. A four-digit PIN or password can be broken in less than a second, and a six-digit PIN in about 10 seconds, while a 10-digit PIN is likely to take weeks to crack.

I'm sure you've heard it all before, but a refresher never hurt anyone. You might want to pass this along to someone who may not be up to speed on Bluetooth security.

1 comment:

Anonymous said...

Thank you, good advice, I will attend to it :P