Feeling blue on Oscar night
How to ensure that your data is safe when using a bluetooth-enabled device
On Oscar night, three employees of Los Angeles security consulting firm Flexilis joined the crowds outside the Kodak Theatre. They weren't interested in the stars; they were interested in their mobile phones.
According to a report in the New York Times, Flexilis used a laptop computer and a special antenna to scan the celebrities' phones from thirty feet away. They did not actually hack into any phones. However, as many as 100 phones may have been vulnerable.
Besides scanning address books, Flexilis also claims to be able to remotely log keystrokes on a Bluetooth keyboard and record phone conversations from Bluetooth headsets.
Bluetooth is a low-power, short-range wireless network that allows devices like phones, printers, keyboards and headphones to communicate with one another. While not inherently unsafe, it needs to be properly used to avoid risks.
There are three main vulnerabilities:
The risks at the moment aren't that great and they are probably limited to publicity stunts or James Bond scenarios. However, as Bluetooth becomes more widespread, it is worth taking a few basic precautions.
�They can't hack what they can't access.�
If your PDA, phone or laptop has a Bluetooth capability and you don't use it, switch it off. They can't hack what they can't access.
If you use Bluetooth, make sure that your devices are not left 'discoverable'. The exact details of how to do this vary, so (shock, horror) you'll need to read the manual.
Create secure trusted links between devices ('pairing') but don't do this in public in case someone is scanning you while you create the connection.
Do not accept files transmitted via Bluetooth from unknown or suspicious sources.
If you lose a Bluetooth-enabled device, delete the pairing from the rest of your devices in case a hacker tries to use it to make a connection.
If you have an older phone, check with the manufacturer to see if a software update is available. See The Bunker for a list of potentially vulnerable phones.