View Full Version: BlueJacking and BlueSnarfing



Vahed
08-08-2007, 19:42
One of the guys who works for the computer repair company in one of the offices above Refresh suggested that perhaps I should do an article on the mysterious world of Bluejacking and BlueSnarfing. The motive behind this suggestion was that whilst in a pub last night someone tried to compromise his mobile phone handset; we both agreed this was a danger Click readers should be made aware of.

Bluetooth is a fantastic technology and one of its many applications allows modern day mobile phone handsets to communicate wirelessly and exchange data with each other. Although the technology currently has a theoretical maximum range of up to 100m, it is worth noting that when built into a mobile phone the two devices realistically have to be in the same room to communicate with one another.

The applications for Bluetooth are numerous - one of the most useful and practical uses for the technology is that handsfree headsets can communicate with your mobile phone without the need for cumbersome cables. Bluetooth can also be used to send files such as pictures, movies and MP3s to others that you know quickly, easily and free of charge.

Unfortunately, with most technology there is often a downside. In this instance, the problem with Bluetooth is that unless you turn it off when you're not using it, then your phone will be continuously broadcasting itself and this can be a potential security vulnerability.

BlueJacking is a term used to refer to the sending of unsolicited messages over Bluetooth. The person sending the messages doesn't have any control over your phone so it is technically harmless, however it can be quite confusing for the person on the receiving end when they receive anonymous messages. BlueJacking can also be used for unsolicited advertising; I was offered a box several weeks ago that when put in my window would send a message advertising my company to everyone who drove past with a Bluetooth-enabled phone. Of course, I declined but if such advertising technology catches on then using our phones on a day-to-day basis could become a lot more tiresome.

BlueSnarfing is in a different league to BlueJacking as it is usually used for malicious purposes. By taking advantage of vulnerabilities in susceptible handsets the BlueSnarfer can potentially gain access to confidential data within the phone such as the contact list, pictures, videos and text messages. There have even been instances where the BlueSnarfer can dial premium rate phone numbers without the consent or knowledge of the handset owner.

Another potential vulnerability of Bluetooth is that it can be used as a medium to transfer viruses. It is a rather strange state of the world when we have phones capable of contracting viruses but trust me, it does happen. Such viruses only tend to affect the handsets that have relatively advanced operating systems. Once infected these handsets then start propagating the virus by sending it out to every Bluetooth handset within range. These viruses are fairly easy to avoid because the handset does ask the user if they want to accept a file via Bluetooth before permission is given for the transfer to take place; typically only those uneducated in Bluetooth etiquette would accept such a file.

I don't want to incite a knee-jerk reaction resulting in my readership abandoning Bluetooth - it is a good technology, is genuinely useful and the risks are relatively low. If you do have a Bluetooth-enabled handset there are a couple of ways to minimise your risk and luckily these are extremely easy to implement.

If you don't use Bluetooth then keep it switched off or your status set as 'undiscoverable' as this will result in no malicious users being able to locate your handset. If you do require or simply would like to keep Bluetooth enabled then make sure that if you are asked whether you would like to receive a file you weren't expecting then reject it. Simple!

By: Jim Tomas, 7.2007