Bluetooth Security
As more electronic devices include Bluetooth technology, security becomes a growing concern. This is especially true now that more devices use the more powerful (Class 1) Bluetooth version that allows them to communicate at distances of up to 100 meters (330 feet). Someone no longer needs to be close by in order to connect.
Threats to security via Bluetooth have become enough of a concern that three related terms have emerged to describe the problems: bluejacking, bluesnarfing, and bluebugging. In a way, these terms are unfortunate because they may not convey the different levels of threat involved. Bluejacking is actually the least serious threat, while bluebugging is the most serious.
Bluejacking
Contrary to what the name may imply, "bluejacking" does not involve someone taking over your Bluetooth device. Rather, it simply refers to someone using their Bluetooth device to discover yours and to send you a message. While it hasn't happened yet, bluejacking could be used to spread a virus. For this to work, you would have to open a file or go to a web site suggested by the bluejacker. So the first step to safe Bluetooth is the same as the first rule of safe computing: Don't download anything from someone you don't know.
But it's probably even better if you don't receive bluejacking messages at all. That's easily accomplished. Your Bluetooth device can only be "seen" by devices it's not paired with if you've left it in "discoverable" mode. This mode should only be used when you are pairing the device with another and are controlling the process. Afterwards, change the mode to "on."
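One way to check the discoverable-mode advice above on a Linux machine, as an added example that is not part of the original article: it parses the text printed by BlueZ's `bluetoothctl show` and flags any powered controller that is still discoverable. The function names and the sample controller addresses are constructed for this example.

```bash
# Live use on a BlueZ host:  bluetoothctl show | audit_discoverable
report_controller() {  # print one finding; return 1 if the controller is exposed
  local addr=$1 powered=$2 disc=$3 timeout=$4
  if [ "$powered" = yes ] && [ "$disc" = yes ]; then
    if [ "$timeout" -eq 0 ]; then
      echo "FAIL $addr discoverable with no timeout"
    else
      echo "WARN $addr discoverable, turns off after ${timeout}s"
    fi
    return 1
  fi
  echo "OK $addr not discoverable"
}
# Read `bluetoothctl show` text on stdin; return 1 if any controller is exposed.
audit_discoverable() {
  local key val rest addr="" powered=no disc=no timeout=0 bad=0
  while read -r key val rest; do
    case $key in
      Controller)  # a new controller block starts: report the previous one
        [ -n "$addr" ] && { report_controller "$addr" "$powered" "$disc" "$timeout" || bad=1; }
        addr=$val powered=no disc=no timeout=0 ;;
      Powered:) powered=$val ;;
      Discoverable:) disc=$val ;;
      DiscoverableTimeout:)
        # Only hex digits reach the arithmetic; anything else counts as 0 (no timeout).
        case ${val#0x} in
          ''|*[!0-9a-fA-F]*) timeout=0 ;;
          *) timeout=$(( 0x${val#0x} )) ;;
        esac ;;
    esac
  done
  [ -n "$addr" ] && { report_controller "$addr" "$powered" "$disc" "$timeout" || bad=1; }
  return "$bad"
}
# Constructed sample output for two adapters (addresses are made up).
sample_show_output() {
  cat <<'EOF'
Controller 00:11:22:33:44:55 (public)
        Powered: yes
        Discoverable: yes
        DiscoverableTimeout: 0x00000000
Controller 66:77:88:99:AA:BB (public)
        Powered: yes
        Discoverable: no
        DiscoverableTimeout: 0x000000b4
EOF
}
sample_show_output | audit_discoverable || echo "at least one controller is discoverable"
```

A timeout of 0 means the adapter stays discoverable until someone turns it off, which is why that case is reported as a failure rather than a warning.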
Bluesnarfing
Bluesnarfing occurs when someone hacks into your mobile phone. They then have access to your address book, calendar, etc. A specific vulnerability in older mobile phones made this possible. The web site for your phone's manufacturer should tell you whether you need a patch to make sure your phone isn't vulnerable. Other than that, bluesnarfing shouldn't be a problem. The devices naturally encode their information and broadcast it on a unique channel hopping sequence to prevent uninvited devices from listening in.
Bluebugging
This is the most serious threat. It gives someone not only access to your personal information, but also the ability to control your device remotely: making phone calls, changing files, listening in on your calls, reading your emails, etc. To avoid bluebugging, make sure that you check your device's web site regularly for patches to protect it from vulnerability.
In addition, you can add an extra hurdle for the would-be bluebugger by using a PIN or passkey when pairing your Bluetooth devices. A longer PIN will be difficult to guess and the devices won't talk to each other unless the PIN is known by both. Don't worry about forgetting the PIN. You can always set the device to "discoverable" and re-pair if you need to. Use a different PIN for each pairing rather than the same PIN for your whole piconet.
Lastly, remember that pairing is permanent. If you're just setting up an ad hoc network with some other people, you don't need to pair your devices. Just connect them. If you pair your devices, they'll still find each other weeks later, long after the connection has served its purpose.