'Rifle' Sniffs Out Vulnerability in Bluetooth Devices

John Hering and his BlueSniper rifle.

hide captionJohn Hering and his BlueSniper rifle, which he says can sniff out and hack Bluetooth-enabled wireless devices more than a mile away.

Humphrey Cheung/TomsNetworking.com

If you've used your cell phone today — or any other wireless device that uses Bluetooth technology — someone could be watching you.

John Hering, a student at the University of Southern California, has developed the BlueSniper rifle, a tool that looks like a big gun which can "attack" a wireless device from more than a mile away — several times the 328-foot maximum range of Bluetooth.

Protecting Bluetooth Devices

· Do not accept files transmitted via Bluetooth wireless technology or any other technology from unknown or suspicious entities.

 

· Put your device into a non-discoverable state (most devices have this option) so that you are invisible to other Bluetooth devices.

 

· Smart phone and PDA users should install anti-virus software, and keep it updated.

 

· Check for security patches from your phone's manufacturer and use these fixes to minimize your phone's vulnerability.

 

· When you buy your mobile device, read the manual to discover how to turn Bluetooth on and off, how to adjust security settings, and how to "pair" with other devices.

 

· Typically, when using two Bluetooth enabled personal devices, you establish a secure connection between them. Such "pairing" allows you full access on one device to the shared services on the other. Do not pair with unknown devices. That will give the unknown device access to all your services.

 

· You may be required to enter a PIN code in the pairing process. Choose long PIN codes and pair the devices in a private setting. If you are asked in a message to enter a PIN code, but are not sure what device sent the message, don't enter the code. It could be a disguised pairing request sent from an unknown, malicious device.

 

· If one of your Bluetooth-enabled devices is lost or stolen, unpair that device from all the devices to which it was previously paired.

Source: Bluetooth Special Interest Group

Hering, cofounder of a wireless security think tank called Flexilis, says he uses the "rifle" only to determine security vulnerabilities, not to actually hack wireless devices to obtain personal information.

"Whenever we're working on these tests, we never access anyone's data," he tells Michele Norris. "We're simply assessing the vulnerabilities and what's possible."

Hering says his goal is to boost awareness of the vulnerabilities in Bluetooth. But in laboratory testing, Hering says, his company has been able to access SMS messages, passwords, phonebook contacts and camera phone photos from Bluetooth-enabled phones.

According to IMS Research, by the end of 2005, the market of installed Bluetooth products will total about 500 million, double the number at the beginning of 2004. In addition to cell phones, Bluetooth-enabled devices include PDAs, computers, printers and cameras.

The industry's Bluetooth Special Interest Group says it takes security "very seriously." In a statement, the group says that "so far no security holes have been discovered in the Bluetooth specification itself. Vulnerabilities that have come to light either exploit the Bluetooth link as a conduit, much like the Internet to the PC, or are a result of the implementation of Bluetooth technology within the device — as such, we constantly work with our members to assist in implementing Bluetooth technology more effectively." Security flaws that are revealed "are typically solved by new software builds and upgrades," it says.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.

Support comes from: