[ISN] Many Bluetooth gadgets open to wireless snooping

From: InfoSec News (isnat_private)
Date: Tue Aug 12 2003 - 02:27:17 PDT

  • Next message: InfoSec News: "[ISN] Navy unifies its monitoring networks"

    http://www.newscientist.com/news/news.jsp?id=ns99994041
    
    Will Knight
    11 August 03 
    
    A new software tool could allow sensitive data could be pilfered
    through the air from laptops, mobile phones and handheld computers.
    
    An eavesdropper can use the program to identify nearby devices that
    use the Bluetooth wireless protocol. If the gadget's default security
    settings mean the device is unprotected, data can easily be stolen.  
    Bluetooth connects devices within a range of 15 metres and is now a
    standard feature on many devices.
    
    Ollie Whitehouse, a UK-based researcher with computer security firm
    @Stake, created the tool "Red Fang", to highlight the potential
    dangers of running poorly configured Bluetooth gadgets. He says many
    people may be unaware that they have Bluetooth installed and that
    security features are often switched off.
    
    "If you're sitting on an intercity train, you're going to have a lot
    of people around for a long period of time," Whitehouse told New
    Scientist. "You could try and find their Bluetooth devices and hack
    into them."
    
    
    War drive
    
    In recent years, there has been an explosion in the number of people
    using 802.11 wireless networks. This has led to wi-fi "wardriving", a
    craze in which people try to identify poorly secured networks by
    driving around with a laptop.
    
    Whitehouse suspects the growing prevalence of Bluetooth-enabled
    equipment could start another trend in wireless scanning.
    
    "It does require you to be in relatively close proximity for an
    extended period of time," Whitehouse notes. "But there's no reason why
    you couldn't do a scan for Bluetooth-enabled devices on a long-haul
    transatlantic flight."
    
    
    User friendly
    
    An improved version of Whitehouse's program was released at the start
    of August at the US computer security conference Defcon, held in Las
    Vegas. The improvements were made by Bruce Potter, a security expert
    with US think-tank The Shmoo Group. They make the program more
    user-friendly and allow it to scan through possible target addresses
    more efficiently.
    
    "Bluetooth security will become a real issue in the next year or two,"  
    predicts Potter. "There are currently more Bluetooth radios in
    existence than 802.11 radios, but most corporate security departments
    don't know the first thing about Bluetooth security."
    
    US research company Gartner estimates that around 161 million
    Bluetooth-enabled devices will be sold in 2003 alone.
    
    A Gartner report from September 2002 warned that Bluetooth's in-built
    security features may not be activated by many people, potentially
    leaving devices vulnerable to intrusion. The report recommended that
    companies instigate Bluetooth security policies to prevent data
    falling into the wrong hands.
     
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 05:00:04 PDT