Bluetooth Security

In any wireless networking setup, security is a concern.
Devices can easily grab radio waves out of the air, so people
who send sensitive information over a wireless connection
need to take precautions to make sure those signals aren't
intercepted. Bluetooth technology is no different -- it's
wireless and therefore susceptible to spying and remote
access, just like WiFi is susceptible if the network isn't
secure. With Bluetooth, though, the automatic nature of the
connection, which is a huge benefit in terms of time and
effort, is also a benefit to people looking to send you data
without your permission.

Bluetooth offers several security modes, and device
manufacturers determine which mode to include in
a Bluetooth-enabled gadget. In almost all cases, Bluetooth
users can establish "trusted devices" that can exchange data
without asking permission. When any other device tries to
establish a connection to the user's gadget, the user has to
decide to allow it. Service-level security and device-level
security work together to protect Bluetooth devices from
unauthorized data transmission. Security methods include
authorization and identification procedures that limit the
use of Bluetooth services to the registered user and require
that users make a conscious decision to open a file or accept
a data transfer. As long as these measures are enabled on the
user's phone or other device, unauthorized access is
unlikely. A user can also simply switch his Bluetooth mode
to "non-discoverable" and avoid connecting with other
Bluetooth devices entirely. If a user makes use of the
Bluetooth network primarily for synching devices at home,
this might be a good way to avoid any chance of a security
breach while in public.

Still, early cell-phone virus writers have taken advantage of
Bluetooth's automated connection process to send out infected
files. However, since most cell phones use a secure Bluetooth
connection that requires authorization and authentication
before accepting data from an unknown device, the infected
file typically doesn't get very far. When the virus arrives
in the user's cell phone, the user has to agree to open it
and then agree to install it. This has, so far, stopped most
cell-phone viruses from doing much damage. See How Cell-phone
Viruses Work to learn more.

Other problems like "bluejacking," "bluebugging" and "Car
Whisperer" have turned up as Bluetooth-specific security
issues. Bluejacking involves Bluetooth users sending
a business card (just a text message, really) to other
Bluetooth users within a 10-meter (32-foot) radius. If the
user doesn't realize what the message is, he might allow the
contact to be added to his address book, and the contact can
send him messages that might be automatically opened because
they're coming from a known contact. Bluebugging is more of
a problem, because it allows hackers to remotely access
a user's phone and use its features, including placing calls
and sending text messages, and the user doesn't realize it's
happening. The Car Whisperer is a piece of software that
allows hackers to send audio to and receive audio from
a Bluetooth-enabled car stereo. Like a computer security
hole, these vulnerabilities are an inevitable result of
technological innovation, and device manufacturers are
releasing firmware upgrades that address new problems as they
arise.