US-CERT Cyber Security Tip ST05-015 -- Understanding Bluetooth Technology

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                         Cyber Security Tip ST05-015
                     Understanding Bluetooth Technology

   Many electronic devices are now incorporating Bluetooth technology to
   allow wireless communication with other Bluetooth devices. Before
   using Bluetooth, it is important to understand what it is, what
   security risks it presents, and how to protect yourself.

What is Bluetooth?

   Bluetooth is a technology that allows devices to communicate with each
   other  without cables or wires. It is an electronics "standard," which
   means  that  manufacturers  that  want to include this feature have to
   incorporate specific requirements into their electronic devices. These
   specifications ensure that the devices can recognize and interact with
   other devices that use the Bluetooth technology.

   Many  popular  manufacturers  are  making  devices  that use Bluetooth
   technology.  These  devices  include  mobile  phones,  computers,  and
   personal digital assistants (PDAs). The Bluetooth technology relies on
   short-range  radio  frequency,  and  any  device that incorporates the
   technology  can  communicate  as  long  as  it  is within the required
   distance. The technology is often used to allow two different types of
   devices  to  communicate with each other. For example, you may be able
   to  operate  your  computer  with  a wireless keyboard, use a wireless
   headset  to  talk  on your mobile phone, or add an appointment to your
   friend's PDA calendar from your own PDA.

What are some security concerns?

   Depending  upon  how  it  is  configured,  Bluetooth technology can be
   fairly secure. You can take advantage of its use of key authentication
   (see  Understanding  Digital  Signatures  for  more  information)  and
   encryption   (see  Understanding  Encryption  for  more  information).
   Unfortunately,  many  Bluetooth  devices  rely  on  short  numeric PIN
   numbers  instead of more secure passwords or passphrases (see Choosing
   and Protecting Passwords for more information).

   If someone can "discover" your Bluetooth device, he or she may be able
   to  send  you  unsolicited  messages  or abuse your Bluetooth service,
   which could cause you to be charged extra fees. Worse, an attacker may
   be  able  to find a way to access or corrupt your data. One example of
   this  type  of  activity  is "bluesnarfing," which refers to attackers
   using  a  Bluetooth  connection  to  steal  information  off  of  your
   Bluetooth  device.  Also,  viruses  or  other  malicious code can take
   advantage  of Bluetooth technology to infect other devices. If you are
   infected,  your  data  may be corrupted, compromised, stolen, or lost.
   You  should  also  be  aware  of  attempts  to  convince  you  to send
   information  to  someone  you do not trust over a Bluetooth connection
   (see  Avoiding  Social  Engineering  and  Phishing  Attacks  for  more
   information).

How can you protect yourself?

     * Disable  Bluetooth  when  you  are  not  using it - Unless you are
       actively  transferring  information  from  one  device to another,
       disable   the  technology  to  prevent  unauthorized  people  from
       accessing it.
     * Use  Bluetooth  in  "hidden"  mode  -  When  you do have Bluetooth
       enabled,  make sure it is "hidden," not "discoverable." The hidden
       mode  prevents  other  Bluetooth  devices  from  recognizing  your
       device.  This  does  not  prevent  you  from  using your Bluetooth
       devices  together.  You  can  "pair" devices so that they can find
       each  other  even if they are in hidden mode. Although the devices
       (for  example,  a  mobile  phone and a headset) will need to be in
       discoverable  mode  to  initially locate each other, once they are
       "paired"  they will always recognize each other without needing to
       rediscover the connection.
     * Be  careful where you use Bluetooth - Be aware of your environment
       when  pairing  devices  or  operating  in  discoverable  mode. For
       example,  if  you  are  in a public wireless "hotspot," there is a
       greater  risk  that  someone  else  may  be  able to intercept the
       connection  (see  Securing Wireless Networks for more information)
       than if you are in your home or your car.
     * Evaluate  your security settings - Most devices offer a variety of
       features  that you can tailor to meet your needs and requirements.
       However,  enabling  certain features may leave you more vulnerable
       to   being  attacked,  so  disable  any  unnecessary  features  or
       Bluetooth  connections.  Examine  your  settings, particularly the
       security settings, and select options that meet your needs without
       putting  you  at  increased  risk.  Make  sure  that  all  of your
       Bluetooth   connections   are   configured  to  require  a  secure
       connection.
     * Take  advantage  of security options - Learn what security options
       your  Bluetooth device offers, and take advantage of features like
       authentication and encryption.
     _________________________________________________________________

     Authors: Mindi McDowell, Matt Lytle
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization.
  
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST05-015.html>
 

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
     
     
     
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQvpkERhoSezw4YfQAQIR7Qf/XuyKEmWs90OFU/9Qdnk+lJXWhVjJdFzL
GXBASOXVtlIqczmbukFNkSnElGobtiL5h85O9vOoU8gYffkbMll4vFgAs0hxhsfQ
FYBanm28yU1gpiN9NvbS44ODQfDXrRTkCdooBR/YLqLtxX3Pt9ecL7DeCBI5uYuK
38kiSLxGu1Izw7j3kb8qL/0PyNofvgQ7pzPCQfNdZqDhmMgEVRliJeL4fAJAherF
igSUzoHD35US/PQTTTvb/koYer9D9AzzErkNRcme3wXcV3Mua097KCeU0u2cozjP
Xb+b46tjz8KTfSwLvi7Xcvt6X1r9aFruwbO3GA8hwmmVEjIKgbH3+Q==
=HO+J
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux