Bluetooth article

Archived from groups: alt.cellular.verizon (More info?)

> *PHREAKS LOVE BLUETOOTH
> Bluetooth is becoming the vector of choice for next-generation phone
> phreakers to swipe files from other users, make calls or render
> mobile phones completely useless.
> By Mark Baard, Contributing Writer
>
> Bluetooth, the specification for wirelessly connecting with devices
> up to 30 feet away, is becoming the vector of choice for
> next-generation phone phreakers, who use the technology to swipe
> files from other users, make calls or render mobile phones completely
> useless.
>
> Much of the malicious code and attacks can be stopped by users making
> their devices "undiscoverable," according to security experts. In
> undiscoverable mode, mobile device users can connect to Bluetooth
> headphones, for example, while remaining invisible to other devices.
>
> But fast-spreading worms and viruses may outpace the release of more
> secure devices -- and efforts by IT to educate users. Not to mention
> users of Bluetooth devices don't always want to remain invisible.
>
> Mobile phones are more ubiquitous than PCs, and mobile workers are
> storing more data than ever on their handheld gadgets. And like their
> corded, and weighty, desktop predecessors, Bluetooth-enabled phones
> are potential targets for widespread attacks.
>
> The recent news about the emergence of the SymbOS.Cabir worm, which
> affects devices using the Symbian OS, will only invite more trouble
> for mobile device users, said the IT director of one highly mobile
> organization.
>
> "Just as exploits of [Microsoft's software] follow the announcements
> of new vulnerabilities, news about Bluetooth viruses and exploits
> will get more hackers interested in its weaknesses," said Steve
> Conley, IT director for the Boston Red Sox. "If in a few months a lot
> of people get caught with their pants down, it would not surprise me
> one bit."
>
> Antivirus experts at Finland-based F-Secure Corp. were among those
> surprised by the outbreak of a virus affecting users of mobile phones
> running the Symbian OS.
>
> When F-Secure received reports of virus-infected handheld devices in
> the Philippines, the company's antivirus research team thought
> someone had his facts wrong.
>
> "We were blowing them off," said Mikko Hypponen, director of
> antivirus research at F-Secure. "They were secondhand accounts. They
> just didn't seem credible."
>
> Then a close associate of the F-Secure antivirus research team called
> from Singapore to report that a device at the Shangri-La Hotel was
> trying to install a virus on his phone via Bluetooth. Soon
> thereafter, another infected Bluetooth device, at a nearby Singapore
> Starbucks, made a similar attempt to spread the virus, the
> SymbOS.Cabir worm.
>
> The United Arab Emirates, Beijing, New Delhi and Finland came next.
>
> Hypponen said he knew that viruses would eventually turn up on phones
> using the Symbian OS and other mobile operating systems. "We just
> weren't thinking Bluetooth would be the first technique," said
> Hypponen.
>
> Not long ago, people used mobile phones for making calls, and little
> else, said Bluetooth Special Interest Group executive director
> Michael Foley.
>
> And Bluetooth was strictly a specification for connecting peripheral
> devices over short distances. "A couple of years ago," said Foley,
> "it was how you bought the device [that determined] how you used it.
> We're in a whole new world now."
>
> Bluetooth aficionados now regularly use the technology to share
> contacts, make dates, and even meet new people. Young people often
> engage in Bluejacking, the non-malicious beaming of images and text
> messages to unsuspecting -- and often delighted -- recipients.
>
> Bluetooth SIG, which publishes the Bluetooth specification, will be
> improving security in its next release, toward the end of 2005,
> according to Foley.
>
> The changes, which include longer, alphanumeric PINs and better
> encryption for Bluetooth devices, may be fraught with their own
> problems, said Mark Rowe, IT security consultant at Cheshire,
> U.K.-based Pen Test, Ltd. "But any move towards improving security is
> a good thing," he said.
>
> "Ellie," a Bluejacker from Surrey, U.K., hopes that not too many
> mobile users will take the first step to securing their devices --
> making them undiscoverable.
>
> That would spoil the fun for Ellie, who publishes the Web log
> BluejackQ.com. But she conceded that unethical Bluejackers could
> launch denial-of-service type attacks at mobile users from a laptop.
>
> "It's great fun to receiving a Bluejacking message," said Ellie. "I
> don't want to say set yourself undiscoverable. But if you are really
> worried about security, then you probably should."