-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST05-015
Understanding Bluetooth Technology
Many electronic devices are now incorporating Bluetooth technology to allow
wireless communication with other Bluetooth devices. Before using Bluetooth,
it is important to understand what it is, what security risks it presents,
and how to protect yourself.
What is Bluetooth?
Bluetooth is a technology that allows devices to communicate with each other
without cables or wires. It is an electronics "standard," which means that
manufacturers that want to include this feature have to incorporate specific
requirements into their electronic devices. These specifications ensure that
the devices can recognize and interact with other devices that use the
Bluetooth technology.
Many popular manufacturers are making devices that use Bluetooth technology.
These devices include mobile phones, computers, and personal digital
assistants (PDAs). The Bluetooth technology relies on short-range radio
frequency, and any device that incorporates the technology can communicate
as long as it is within the required distance. The technology is often used
to allow two different types of devices to communicate with each other. For
example, you may be able to operate your computer with a wireless keyboard,
use a wireless headset to talk on your mobile phone, or add an appointment
to your friend's PDA calendar from your own PDA.
What are some security concerns?
Depending upon how it is configured, Bluetooth technology can be fairly
secure. You can take advantage of its use of key authentication (see
Understanding Digital Signatures for more information) and encryption (see
Understanding Encryption for more information). Unfortunately, many
Bluetooth devices rely on short numeric PIN numbers instead of more secure
passwords or passphrases (see Choosing and Protecting Passwords for more
information).
If someone can "discover" your Bluetooth device, he or she may be able to
send you unsolicited messages or abuse your Bluetooth service, which could
cause you to be charged extra fees. Worse, an attacker may be able to find a
way to access or corrupt your data. One example of this type of activity is
"bluesnarfing," which refers to attackers using a Bluetooth connection to
steal information off of your Bluetooth device. Also, viruses or other
malicious code can take advantage of Bluetooth technology to infect other
devices. If you are infected, your data may be corrupted, compromised,
stolen, or lost. You should also be aware of attempts to convince you to
send information to someone you do not trust over a Bluetooth connection
(see Avoiding Social Engineering and Phishing Attacks for more information).
How can you protect yourself?
* Disable Bluetooth when you are not using it - Unless you are actively
transferring information from one device to another, disable the
technology to prevent unauthorized people from accessing it.
* Use Bluetooth in "hidden" mode - When you do have Bluetooth enabled,
make sure it is "hidden," not "discoverable." The hidden mode prevents
other Bluetooth devices from recognizing your device. This does not
prevent you from using your Bluetooth devices together. You can "pair"
devices so that they can find each other even if they are in hidden
mode. Although the devices (for example, a mobile phone and a headset)
will need to be in discoverable mode to initially locate each other,
once they are "paired" they will always recognize each other without
needing to rediscover the connection.
* Be careful where you use Bluetooth - Be aware of your environment when
pairing devices or operating in discoverable mode. For example, if you
are in a public wireless "hotspot," there is a greater risk that someone
else may be able to intercept the connection (see Securing Wireless
Networks for more information) than if you are in your home or your car.
* Evaluate your security settings - Most devices offer a variety of
features that you can tailor to meet your needs and requirements.
However, enabling certain features may leave you more vulnerable to
being attacked, so disable any unnecessary features or Bluetooth
connections. Examine your settings, particularly the security settings,
and select options that meet your needs without putting you at increased
risk. Make sure that all of your Bluetooth connections are configured to
require a secure connection.
* Take advantage of security options - Learn what security options your
Bluetooth device offers, and take advantage of features like
authentication and encryption.
_________________________________________________________________
Authors: Mindi McDowell, Matt Lytle
_________________________________________________________________
Produced 2005 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed to
increase awareness.
Terms of use
http://www.us-cert.gov/legal.html
This document can also be found at
http://www.us-cert.gov/cas/tips/ST05-015.html
For instructions on subscribing to or unsubscribing from this mailing
list, visit http://www.us-cert.gov/cas/signup.html.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBTIej0j6pPKYJORa3AQJEbwgAxa94hUWezg9t+1tEKQ3wh2DBw/nd+eA7
yG67DkYoICHX9XOkGiVNjxt4lt28RPyupzc5YrjajG25z5YhgO1E/hnC8lizLGPr
sEDjGMn+4WL/+ncj9I/ldko3g+0hCnPYcoW4hQSp9TywH/rjf5NaTFvSbxoeN4Cl
ss/b8Gse/jjl0Hi/G1GJ/dL2BfRwwZWFMWipdOOfw+DP47W6rgziVfhAPzXnyyNt
2g+ujv5cpBL7CiYJPzmGfNbHG48o+ojoTrfNXKI45RwACnIA68Y+LUvxRSMHYjpd
6TXbzLt5u+HLRbJH8VaaG1Upyz/gxQtbjuDUqyx5CjTZoU2XCOV+Hw==
=2r7R
-----END PGP SIGNATURE-----
