Saturday, June 11, 2011

Bluetooth Security Risks and Tips to Prevent Security Threats

BT Security Risks

  1. The first step in using any BT device is to turn on its BT feature. The default state of BT in any device is the “Off” mode.
  2. Once BT is turned on, it is in an active but dormant state. To use it, the device needs to be put into the “Discoverable” state. In theory, a device in the “non-discoverable” state should not be visible to other devices, but in reality it is still reachable by devices that have connected to it before, using its MAC address. A hacker who sees the blue LED can use a brute-force address discovery process to record the MAC address and hack the device using software such as RedFang.
  3. The communication process also exposes BT technology to security breaches, because the device address itself is not encrypted even though the message may be. Techniques such as frequency hopping provide some protection but are not completely secure.
  4. There are devices on the market that can capture a Bluetooth signal from the air and analyze it. At present the cost of some of these devices is prohibitive for casual hackers, but a professional hacker can still use them to obtain vital information.
  5. Many owners leave the BT device in discoverable mode after use, out of ignorance or because they simply forget to turn it off, which gives hackers an easy opportunity to pair with the device and hack it.
  6. Pairing two BT devices usually does not require any authentication; however, using a service such as file transfer or data/video/voice exchange requires some authentication by entering a PIN. Once the PINs are entered, a link key is generated and stored in the device’s memory, so the process is not required from the next time onwards.
  7. Many vendors do not implement the authentication and authorization process correctly, allowing hackers to steal information or to use one’s phone to make calls or send SMS messages.

A Few Tips for Using Bluetooth Securely

All of the above deficiencies leave a Bluetooth device vulnerable to security threats. Even though manufacturers and technologists are filling security gaps every day, the following are some tips that an ordinary user can keep in mind to protect himself from an amateur BT hacker.
  • Keep BT in the disabled state, enable it only when needed and disable immediately after the intended task is completed.
  • Keep the device in non-discoverable (hidden) mode.
  • DO NOT accept any unknown and unexpected request for pairing your device.
  • Use non-regular patterns as PIN keys when pairing a device. Use key combinations that are non-sequential and non-obvious on the keypad.
  • Review the list of previously paired devices from time to time and delete any paired device you are not sure about.
  • Register your device at the manufacturer's site and ensure that security updates are installed regularly to protect against previously known threats that have been rectified in new models.
  • Always enable encryption when establishing a BT connection to your PC.
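
The PIN tip in the list above can be turned into a quick self-check. The following Python sketch is an added example, not part of the original post: it flags PINs that are sequential, repetitive, or obvious on the keypad. The function name, the pattern labels and the assumed standard 3x4 phone keypad layout are illustrative choices.

```python
# Added example (not from the original post): flag pairing PINs that follow
# the regular, sequential or keypad-obvious patterns the tip warns about.

# Assumed layout: standard 3x4 phone keypad, each digit mapped to (row, col).
KEYPAD = {d: divmod(i, 3) for i, d in enumerate("123456789")}
KEYPAD["0"] = (3, 1)


def pin_weaknesses(pin: str) -> list[str]:
    """Return labels for every guessable pattern found in a numeric PIN."""
    if not pin.isdigit() or len(pin) < 2:
        raise ValueError("PIN must be at least two digits")
    found = []

    # Same digit throughout: 0000, 1111.
    if len(set(pin)) == 1:
        found.append("repeated-digit")

    # Counting up or down by one, wrapping past 9/0: 1234, 4321, 7890.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        found.append("sequential")

    # A shorter chunk repeated: 1212, 123123. A string is periodic exactly
    # when it occurs inside itself doubled with both end characters removed.
    if len(set(pin)) > 1 and pin in (pin + pin)[1:-1]:
        found.append("repeated-block")

    # Keypad walk: every key touches the previous one (side or diagonal),
    # which covers straight lines such as 2580 and shapes such as 14789.
    keys = [KEYPAD[d] for d in pin]
    if all(max(abs(r2 - r1), abs(c2 - c1)) == 1
           for (r1, c1), (r2, c2) in zip(keys, keys[1:])):
        found.append("keypad-walk")

    return found


if __name__ == "__main__":
    # Constructed sample PINs, not taken from any real device.
    for sample in ("0000", "1234", "7890", "1212", "2580", "14789", "8305"):
        print(sample, pin_weaknesses(sample) or "no pattern found")
```

An empty result only means none of these four patterns matched; it does not make a PIN strong by itself.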
The above Bluetooth security tips should make your Bluetooth experience trouble-free. Good luck…!!!

 

 
