http://www.newscientist.com/news/news.jsp?id=ns99994041 Will Knight 11 August 03 A new software tool could allow sensitive data could be pilfered through the air from laptops, mobile phones and handheld computers. An eavesdropper can use the program to identify nearby devices that use the Bluetooth wireless protocol. If the gadget's default security settings mean the device is unprotected, data can easily be stolen. Bluetooth connects devices within a range of 15 metres and is now a standard feature on many devices. Ollie Whitehouse, a UK-based researcher with computer security firm @Stake, created the tool "Red Fang", to highlight the potential dangers of running poorly configured Bluetooth gadgets. He says many people may be unaware that they have Bluetooth installed and that security features are often switched off. "If you're sitting on an intercity train, you're going to have a lot of people around for a long period of time," Whitehouse told New Scientist. "You could try and find their Bluetooth devices and hack into them." War drive In recent years, there has been an explosion in the number of people using 802.11 wireless networks. This has led to wi-fi "wardriving", a craze in which people try to identify poorly secured networks by driving around with a laptop. Whitehouse suspects the growing prevalence of Bluetooth-enabled equipment could start another trend in wireless scanning. "It does require you to be in relatively close proximity for an extended period of time," Whitehouse notes. "But there's no reason why you couldn't do a scan for Bluetooth-enabled devices on a long-haul transatlantic flight." User friendly An improved version of Whitehouse's program was released at the start of August at the US computer security conference Defcon, held in Las Vegas. The improvements were made by Bruce Potter, a security expert with US think-tank The Shmoo Group. They make the program more user-friendly and allow it to scan through possible target addresses more efficiently. "Bluetooth security will become a real issue in the next year or two," predicts Potter. "There are currently more Bluetooth radios in existence than 802.11 radios, but most corporate security departments don't know the first thing about Bluetooth security." US research company Gartner estimates that around 161 million Bluetooth-enabled devices will be sold in 2003 alone. A Gartner report from September 2002 warned that Bluetooth's in-built security features may not be activated by many people, potentially leaving devices vulnerable to intrusion. The report recommended that companies instigate Bluetooth security policies to prevent data falling into the wrong hands. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 05:00:04 PDT