Bluetooth technology was designed with security and privacy protection in mind. While Bluetooth standards have, by and large, prevented significant privacy issues, hackers have managed to capitalize on some system vulnerabilities.
Terms such as "bluejacking," "bluesnarfing" and "blue bugging" have been developed to describe various security vulnerabilities, and Bluetooth users should understand how Bluetooth privacy protection works and how they can lower their risk of falling victim to these security vulnerabilities.
Bluetooth devices use a SAFER cipher for encryption, which is considered a robust and hard-to-crack encryption code.
In addition, all Bluetooth devices have the following three privacy protection features:
In order for a Bluetooth headset to connect to another device, the two must be "paired," a process where the devices share a secret passkey. A trusted device has access to all services on a paired Bluetooth device. If your Bluetooth headset was paired with a Bluetooth stereo system, the two would have access to each other's services.
One of the best privacy protection options available on a Bluetooth device is to set the device to "non-discoverable." By default, the presence of a Bluetooth device is made known to all other Bluetooth devices in range.
If you don't want your Bluetooth headset or phone "visible" to other devices, set the device to non-discoverable instead.
Cell phones, PDAs and their accompanying Bluetooth headsets tend to have more privacy issues than other devices, in part because they are so common.
The software in cell phones and PDAs advances rapidly, and is beginning to rival the complexity of a personal computer. Experts recommend using the same privacy protection strategies you use for a computer on Bluetooth devices. This includes not downloading or installing software from unknown sources.
Advocates of Bluetooth claim that security problems with Bluetooth-enabled cell phones have more to do with phone manufacturers' faulty implementation of Bluetooth technology than with Bluetooth technology itself. Either way, users of Bluetooth devices should be aware of the following privacy issues.
Bluejacking is one of the least damaging Bluetooth privacy issues, although it can be a great annoyance to users. Bluejacking allows other phone users to anonymously send business cards to other people's phones.
Bluejacking is usually a prank: Instead of standard business card information, the card may have a joke or provocative comment (ranging from flirtatious to downright insulting).
To bluejack from a Bluetooth phone, the phone must be within range of a receiving phone. Originally, bluejacking was confined to text, but with advances in cell phones, bluejacking can now include sound and graphics (a feature that has made bluejacking a possible tool for so-called "guerilla marketing").
As Bluetooth devices become more complex, bluejacking may be able to transmit Trojan viruses, meaning that in the future a bluejacker might be able to send a virus to a Bluetooth headset a cell phone.
Bluesnarfing attacks are more serious privacy issues than bluejacking. Bluesnarfing describes the unauthorized access to and use of information available on a Bluetooth device. Devices targeted include cell phones, computers and PDAs.
Information targeted by bluesnarfing includes calendar schedules, text messages, address books, e-mails, contact lists and sometimes pictures or videos.
A bluesnarfing program may require the Bluetooth devices be paired, or it can hack into a device without pairing. The best privacy protection against bluesnarfing is to set your Bluetooth device to non-discoverable, as it greatly reduces the risk of unauthorized use.
Some cell phone models are especially vulnerable to bluesnarfing, so it's advisable to discuss the matter with a phone dealer before choosing a model.
Bluebugging attacks are privacy issues specific to cell phones and Bluetooth headsets. To succeed, bluebugging requires a skilled hacker with knowledge of Bluetooth privacy protection and protocols.
Bluebugging allows the hacker to gain access to a cell phone's commands and stored information. The hacker can perform a number of functions while in control of the phone, including:
In order to be effective, bluebugging must occur within range of the targeted cell phone.
Although Bluetooth privacy issues pale in comparison to viral and spyware threats to PCs and laptops, it's always wise to practice some privacy protection strategies. Here are some privacy protection tips that can help you reduce the risk to your Bluetooth devices:
In the event of a lost or stolen Bluetooth headset or other device, delete the missing device's paired information from all your other Bluetooth devices. Otherwise the missing device could be used to access paired devices.