Potential security risks posed by Bluetooth wireless technology are prompting some IT managers to rein in use of Bluetooth-equipped mobile phones and PCs.
While Bluetooth vendors guide users on guarding their devices against hackers, such as setting devices in non-discoverable mode, several IT managers see a need to protect their networks from Bluetooth attacks by taking the same steps they took to secure their corporate wireless LANs.
For example, Bluetooth radios included in laptop PCs operate in the same 2.4GHz band as 802.11b WLANs and are turned on as a factory default setting. One IT manager ensures the radios are turned off before the systems go into use.
Another CTO plans to use a tool called Bluewatch from AirDefense Inc. to scan every device on his network and employees’ mobile phones for the presence of the wireless technology. He will then decide which devices should be allowed to run Bluetooth and access the network.
The Bluetooth Special Interest Group (SIG), a trade association based in Overland Park, Kan., is concerned about the technology’s vulnerability to the “bluesnarfing” attacks and another hacking technique called “bluejacking.” Bluejacking involves sending unsolicited text messages to other Bluetooth users. An estimated two billion Bluetooth-equipped devices could be in use by next year.
Patches are available for the phones that are at risk of being attacked, said a spokesperson for the Bluetooth SIG. He added that only a relatively small number of phones from Nokia Corp. and Sony Ericsson Mobile Communications AB are susceptible to bluesnarfing. Despite the current concerns, he claimed that Bluetooth “is more secure than any other wireless technology” because of the short transmission range of most devices and its 128-bit encryption capabilities.
Chris Kozup, an analyst at Meta Group Inc., said Bluetooth-equipped mobile phones can be particularly vexing for IT managers because many are bought by individual employees, making them harder to manage than corporate assets such as laptops.
— With files from Allison Taylor, IT World Canada