Q. If people can broadcast TO my Bluetooth headset, does that mean they can listen in?

A. Ever since Tyler first posted about his dislike of ‘Bluecasting’ (also known as Bluejacking) , it’s got a lot of people asking me - if it’s so easy to push unwanted information TO a Bluetooth headset, does that mean people can PULL information through my Bluetooth device, too?

The simple answer is yes.

Since almost the very moment Bluetooth was released, hackers have been building ways to crack it.

The first Bluetooth breaches were through an early security hole. Nicknamed “Bluebugging: “, hackers took advantage of this backdoor to eavesdrop as well as access and even overwrite a phone’s address book and text message files. As with any Bluetooth security breach, the hacker had to be within 30 feet of your phone.

Starting in 2005, most new Bluetooth-enabled phones were cured of this, although hackers are always writing new code and new programs to breach security.

As that hole was being plugged, hackers discovered that Bluetooth phones in ‘Discoverable’ mode could be accessed . This is called “Bluesnarfing“.

Unauthorized users ‘pair up’ to your Bluetooth and once linked, can steal the whole of your phone book, that’s your whole contact list, your calendar, your stored pictures, even your ring tones.

There is also something called a ‘DoS’ attack. A Denial-of-Service is a malicious hacker who broadcasts a code that makes your device unavailable to you until it reboots (turned off and then turned on again). There’s usually no breach of your information in a DoS attack, or harm to your headset or phone. It’s just idiocy for idiocy’s sake.

Should these security concerns keep you from buying and using say… a new MoGo headset?No. The good news is that there are things you can do to keep your calls and information safer.

1) Turn off discoverable mode.

Most phones are “visible” (or set to ‘Discoverable mode’) by default when Bluetooth is switched on. The safest mode is ‘Non-discoverable’:

1. Non-discoverable mode: Does not respond to inquiry - highest safety for your phone. .
2. Limited discoverable mode (or ‘Hidden’): Discoverable only for a limited period of time, during temporary conditions or for a specific event - this provides medium safety.
3. General discoverable mode: Discoverable continuously or for no specific condition - no safety from Bluejacking or Bluesnarfing.

2) Use a strong PIN code for you headset.
Not only should you choose a strong PIN, you should also be careful not to use it in public where it can caught by someone watching. If your headset and phone become unpaired, go somewhere private to link them back up .... not standing in the middle of the mall.

3) Never, ever let an unknown device pair to your phone. Periodically watch the Bluetooth symbol on your phone. If it looks different, or you see an unexpected message appear on your device asking to pair up, well, to quote Nancy Reagan - just say NO.

Unsure what the Bluetooth symbol is supposed to look like? Apple has a great article showing all the Bluetooth icons and their meanings here.

4) Keep Moving. PC Today said it well: “Unless your attacker has invested vast amounts of time and money in a long-range Bluetooth transmitter/receiver, chances are great that they will be operating within standard Bluetooth range (within 10 meters [33 feet]). If you notice something wacky happening with your smartphone or PDA and don’t know what else to do, simply get up and move away.

“If you are on a bus, train, airplane, or other confined area, simply power off your device and wait to see who reacts. If you catch them, make sure to give them a dirty look. ”

————————————————————————————————

On Fridays, MoGo Mobility’s Elizabeth will seek to answer your MoGo (and non-MoGo) technical questions.

Elizabeth is a professional writer & geek with most of the last decade spent in senior management at a leading global IT provider. Thousands have attended her seminars in the US & Canada on subjects ranging from basic TCP/IP networking to high-end data storage solutions.

Got a question? Ask Elizabeth.

Tags:answer is yes, bluejacking, bluesnarfing, bluetooth device, bluetooth enabled phones, bluetooth headset, bluetooth security, breach security, cell phone, contact, dos attack, eavesdrop, even overwrite, hackers, headset, idiocy, malicious hacker, mogo, security, security breach, security hole, simple answer unauthorized users

Share This

Looks like what used to be easy, might just get a whole heck of a lot easier.  Man, pretty soon we’ll just be able to think something and it will happen.  Ahh, I can’t wait for those days.  At any rate, the kind folks at Bluetooth have officially released a new Bluetooth standard, meaning all things Bluetooth will be even easier than before.  Cool.

According to Bluetooth, the new standard, “Bluetooth Specification 2.1+ EDR” actually reduces the number of steps required to pair any Bluetooth device (*cough*MoGo Mouse*cough*) with any other device that’s also running the technology.  Yeah, consider even more time saved, bundled, and deposited promptly back into your life.  Isn’t convenience, um, convenient?

So, here are some things you can expect, appreciate, and love with the new Bluetooth:

• Improved Pairing - Yep, it got easier, less steps, less hassle.
• Lower Power Consumption - Yep, it uses lower power now, saving battery life and boosting that single charge 5 times longer.
• Improved Security - Yep, it has a new 6-digit passkey that should eliminate the “Man in the Middle” who gets in between you and your connection. (Jury still out on this one)

Stay tuned for more on this one…

Tags:Bluetooth, bluetooth device, mogo mouse power consumption

Share This