Is your personal life being stolen one byte at a time?
There are an estimated 2.14 billion cell phones throughout
the world. Our cell phones wirelessly connect us to our
laptops, headsets, and PDAs with a micro chip and a set of
connection rules commonly called Bluetooth.
Bluetooth devices constantly announce their presence while
seeking permission to connect to each other. Bluetooth
enabled devices store the details of our personal and
professional lives. In the hands of the wrong person they
reveal where we will be, who we contact, and where we’ve been.
Society's moment to moment reliance on Bluetooth devices
begs the question of whether they are safe to use.
In 2005, two Cambridge University researchers,
Yaniv Shaked and Avishai Wool, demonstrated two ways for
an attacker to obtain personal identification numbers
(PIN) to gain access to your Bluetooth device.
They demonstrated two types of possible attacks during the
pairing of two Bluetooth devices. One attact was passive
and the other active. During a passive attack, the
attacker electronically eavesdrops during the pairing
process and intercepts the code and then cracks the PIN.
During an active attack a message is inserted during
into the communication that requires the users to resend
their PINs between devices. The attacker is then able to
intercept your PIN as you resend it.
If you have a Bluetooth enabled laptop or PDA you should
be doubly warned. Large numbers of laptops and PDAs are
stolen when they are left in their “visible” Bluetooth
state. When you leave your Bluetooth device in the
"visible" or "discoverable" state it actively broadcasts
its presence. Even if a thief doesn’t have your pin,
he can still detect the presence of your laptop or PDA
in your car or luggage. Technically savvy thieves can
detect laptops and PDAs when owners are absent.
Protect your personal data in your PDA and laptop by
following these five simple security recommendations.
First, don’t pair your wireless Bluetooth device in
highly active wireless network areas such as at airports,
malls, and schools. When you buy your Bluetooth device,
pair it in the privacy of your home or car. Most Bluetooth
devices have a range of 33 feet, so be keenly aware of
your surroundings in this circumference.
Second, pick long PIN numbers with a mix of letters and
numbers. It takes an attacker only a tenth of second to
crack a four-digit pin code, but it can take over a
lifetime to crack an eight digit PIN with letters and
numbers. Increasing your PIN can help ensure protection
your data for a lifetime.
Thirdly, activate the “hidden” mode of your Bluetooth
device. This makes your Bluetooth device hidden or
undiscoverable to others. Your other Bluetooth devices
can still connect to it while it remains invisible to
foreign devices.
Fourth, disable your Bluetooth devices when you're not
using them. You can disable your Bluetooth
connection on your laptop after downloading your calendar
to your PDA without interrupting other programs.
Five, reassign your default passwords when you activate
your new device. Default passwords can be found by
anyone online, so don't use your new device without
assigning it a new password first.
Finally, Bluetooth connections appear to be safe after
they are securely paired with another device. By pairing
your Bluetooth device in secure areas, increasing your
password length, and disabling “discovery” modes of
detection, you can eliminate most of the risks of using
Bluetooth devices. By following these recommendations you
will keep your private life just the way you want it
–private.
-Dan Tyler
|
