US-CERT Cyber Security Tip ST05-015 -- Understanding Bluetooth Technology

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                        Cyber Security Tip ST05-015
                     Understanding Bluetooth Technology

   Many electronic devices are now incorporating Bluetooth technology to allow
   wireless communication with other Bluetooth devices. Before using Bluetooth,
   it is important to understand what it is, what security risks it presents,
   and how to protect yourself.

What is Bluetooth?

   Bluetooth is a technology that allows devices to communicate with each other
   without cables or wires. It is an electronics "standard," which means that
   manufacturers that want to include this feature have to incorporate specific
   requirements into their electronic devices. These specifications ensure that
   the devices can recognize and interact with other devices that use the
   Bluetooth technology.

   Many popular manufacturers are making devices that use Bluetooth technology.
   These  devices  include mobile phones, computers, and personal digital
   assistants (PDAs). The Bluetooth technology relies on short-range radio
   frequency, and any device that incorporates the technology can communicate
   as long as it is within the required distance. The technology is often used
   to allow two different types of devices to communicate with each other. For
   example, you may be able to operate your computer with a wireless keyboard,
   use a wireless headset to talk on your mobile phone, or add an appointment
   to your friend's PDA calendar from your own PDA.

What are some security concerns?

   Depending upon how it is configured, Bluetooth technology can be fairly
   secure.  You  can take advantage of its use of key authentication (see
   Understanding Digital Signatures for more information) and encryption (see
   Understanding  Encryption  for  more information). Unfortunately, many
   Bluetooth devices rely on short numeric PIN numbers instead of more secure
   passwords or passphrases (see Choosing and Protecting Passwords for more
   information).

   If someone can "discover" your Bluetooth device, he or she may be able to
   send you unsolicited messages or abuse your Bluetooth service, which could
   cause you to be charged extra fees. Worse, an attacker may be able to find a
   way to access or corrupt your data. One example of this type of activity is
   "bluesnarfing," which refers to attackers using a Bluetooth connection to
   steal information off of your Bluetooth device. Also, viruses or other
   malicious code can take advantage of Bluetooth technology to infect other
   devices. If you are infected, your data may be corrupted, compromised,
   stolen, or lost. You should also be aware of attempts to convince you to
   send information to someone you do not trust over a Bluetooth connection
   (see Avoiding Social Engineering and Phishing Attacks for more information).

How can you protect yourself?

     * Disable Bluetooth when you are not using it - Unless you are actively
       transferring  information  from one device to another, disable the
       technology to prevent unauthorized people from accessing it.
     * Use Bluetooth in "hidden" mode - When you do have Bluetooth enabled,
       make sure it is "hidden," not "discoverable." The hidden mode prevents
       other Bluetooth devices from recognizing your device. This does not
       prevent you from using your Bluetooth devices together. You can "pair"
       devices so that they can find each other even if they are in hidden
       mode. Although the devices (for example, a mobile phone and a headset)
       will need to be in discoverable mode to initially locate each other,
       once they are "paired" they will always recognize each other without
       needing to rediscover the connection.
     * Be careful where you use Bluetooth - Be aware of your environment when
       pairing devices or operating in discoverable mode. For example, if you
       are in a public wireless "hotspot," there is a greater risk that someone
       else may be able to intercept the connection (see Securing Wireless
       Networks for more information) than if you are in your home or your car.
     * Evaluate  your security settings - Most devices offer a variety of
       features  that you can tailor to meet your needs and requirements.
       However, enabling certain features may leave you more vulnerable to
       being  attacked,  so disable any unnecessary features or Bluetooth
       connections. Examine your settings, particularly the security settings,
       and select options that meet your needs without putting you at increased
       risk. Make sure that all of your Bluetooth connections are configured to
       require a secure connection.
     * Take advantage of security options - Learn what security options your
       Bluetooth  device  offers,  and  take  advantage  of features like
       authentication and encryption.
     _________________________________________________________________

     Authors: Mindi McDowell, Matt Lytle
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed to
     increase awareness.

     Terms of use

     http://www.us-cert.gov/legal.html

     This document can also be found at

     http://www.us-cert.gov/cas/tips/ST05-015.html

     For instructions on subscribing to or unsubscribing from this mailing
     list, visit http://www.us-cert.gov/cas/signup.html.





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTIej0j6pPKYJORa3AQJEbwgAxa94hUWezg9t+1tEKQ3wh2DBw/nd+eA7
yG67DkYoICHX9XOkGiVNjxt4lt28RPyupzc5YrjajG25z5YhgO1E/hnC8lizLGPr
sEDjGMn+4WL/+ncj9I/ldko3g+0hCnPYcoW4hQSp9TywH/rjf5NaTFvSbxoeN4Cl
ss/b8Gse/jjl0Hi/G1GJ/dL2BfRwwZWFMWipdOOfw+DP47W6rgziVfhAPzXnyyNt
2g+ujv5cpBL7CiYJPzmGfNbHG48o+ojoTrfNXKI45RwACnIA68Y+LUvxRSMHYjpd
6TXbzLt5u+HLRbJH8VaaG1Upyz/gxQtbjuDUqyx5CjTZoU2XCOV+Hw==
=2r7R
-----END PGP SIGNATURE-----


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux