Bluetooth & Security!!

Bluetooth security is (to put it mildly) something to be concerned about, given the number of smartphone and PDA users today. Professionals are constantly updating their portables, looking to take advantage of the latest time-saving and productivity-enhancing technology, which means that the number of Bluetooth-enabled devices in use grows by the millions each year. And with that growth comes an exponentially increasing chance for such technology to be misused. The first generation of Bluetooth-enabled phones, especially those from Nokia and Sony Ericsson, was especially susceptible to hacking attempts. The implementation of Bluetooth used on these phones left the devices open to numerous types of attacks, including Bluejacking, Bluebugging, and Bluesnarfing. As time has passed, these companies have updated the firmware for the affected equipment and have taken steps to correct these issues in the latest models of their smartphones—just in time for all new ones to crop up. But this time, it’s not just devices from certain manufacturers that are at risk. Every Bluetooth-enabled device is potentially at risk.

At a technology conference in Seattle in June of this year, two Israeli experts, Avishai Wool and Yaniv Shaked of Tel Aviv University, presented research that could affect every single Bluetooth user today. They showed that by using a custom-made Bluetooth eavesdropping device, a hacker could potentially gain access to a smartphone or PDA by interrupting communications between such devices and their peripherals (a wireless headset, for example). The attacker could then send a message to the host device, pretending to be from the headset, and prompt the user to input the security code for the device and regenerate a PIN for it. From there, the hacker has all the information he needs to pair his device with the targeted device and potentially eavesdrop on calls, intercept emails, access data, and generally be where he shouldn’t.

Other, less nefarious types of attacks have emerged as of late. DoS (Denial of Service) attacks affecting Bluetooth devices have become a common annoyance in some areas of the world. An attacker with a properly modified Bluetooth device (or perhaps a laptop with the correct software and a Bluetooth radio) can initiate a chain of repeating requests that jam the receivers of targeted devices. The purpose of these attacks is a simple one: pure annoyance. Bluetooth DoS attacks do not target the programs and data on a device; rather, they aim to drain the battery quickly and knock out any devices paired with the targeted host. Considering most of us leave our phones in our pockets or on our belt clips most of the time, we might not even be aware these attacks are taking place until it is time to use our device. Which, of course, is too late.

Attacks from Bluetooth hackers aren’t the only risks associated with Bluetooth.
With a Treo 650 and the Bluetooth DUN (dial-up networking) program (or another hack found on the open internet), a user has the ability to pair their laptop or PC with the Treo and use its network access to surf the Web and send email. That sounds fairly harmless, until you bring this setup into the workplace. Security protocols in many corporate environments prevent employees from connecting to their personal ISPs via dial-up in order to keep internal data secure. If an employee attempted independent connectivity in the past, it was fairly evident, as there would be cords connecting their computer to the cell phone or land-line. With the advent of Bluetooth DUN, their phone could be lying on the opposite side of the desk or even concealed, showing no evidence of an external connection to the Internet. Far be it from us to ever insinuate that an employee would have dark designs on the company’s data, but the real concern is not from insiders. Once an employee is connected to the outside Internet, they put their machine—and consequently the entire network—at risk from external hacks. For this reason, companies should evaluate their security and appropriate-use policies to compensate for this new risk.

But what about your own personal security policy? How can you protect your device and the data it contains? Well, there are several steps you can take that will drastically reduce the risk that you will become a target of Bluetooth hackers.

Turn off discoverable mode. Absolutely first and foremost, stay off the radar. If your device isn’t discoverable, it’s not a target. Sure, a determined hacker who has chosen you specifically as a target could potentially discover your device’s PIN and force an invitation or DoS attack, but this scenario is awfully rare because you would have to be a specific target. (Or the hacker in question would have to be extremely bored.)

Only pair devices in private.
To keep potential eavesdroppers from obtaining your PIN, avoid pairing your Bluetooth-enabled devices in public. If, for some reason, your devices become unpaired while in a public area, try to wait until you are in a secure, private location before re-pairing them.

Never pair with an unknown device. This sounds like common sense, but it’s something that still needs to be said. Unless you are actively using your peripheral, and somehow the individual radios separate by more than 10 meters, there’s a very slim chance that your device will simply be dropped. If you see a message appear on your device asking that you pair with something and you didn’t push any buttons or make plans to do so with another human being immediately beforehand, just say no.

Walk away. Unless your attacker has invested vast amounts of time and money in a long-range Bluetooth transmitter/receiver, chances are great that they will be operating within standard Bluetooth range (within 10 meters [33 feet]). If you notice something wacky happening with your smartphone or PDA and don’t know what else to do, simply get up and move away. If you are on a bus, train, airplane, or other confined area, simply power off your device and wait to see who reacts. If you catch them, make sure to give them a dirty look.
