Managing Bluetooth at work: Part 1

gallery

Click here to read part 2 of this feature.

Bluetooth wireless technology was invented in 1994, and launched on the world as a commercial and consumer application in 1999.

Treated by many at the time as just another clever idea that probably wouldn't last, it has become hugely successful and pervasive. Over one billion Bluetooth-enabled appliances have been shipped to date globally.

Its popularity is based on the way it allows a range of devices to communicate with each other over short distances, and connect to the Internet, without the need for wires, cables or connectors. It made its name with mobile phones, but now reaches, often unseen, into many corners of business, home and public life.

Bluetooth radios are built into the products of over 3,000 companies, from the phone and PC vendors you'd expect to niches like car manufacturing and sewage plant construction.

"Bluetooth growth rates have been phenomenal," says Scott Bibaud, vice president of communications with chipset vendor Broadcom. "I consider it to be the most successful and popular wireless technology ever launched."

In the first of a two part guide to getting the most out of Bluetooth in the enterprise, we look at an important consideration for many organisations - security. In the second part we'll consider the operational side to maximising the technology's potential.

Security

Although popular and successful, Bluetooth technology has always posed a security challenge, both perceived and real, to users of devices and managers of the networks they attach to.

"People have been asking us questions about Bluetooth security from its launch in 1999," says Stephen Evans, managing director of Brainboxes, a developer of Bluetooth-based solutions for a variety of industrial and public sector applications.

But what dangers does it really pose? How easy is it for someone with malicious intent to gain access to data on a Bluetooth-enabled device? Is it more or less vulnerable than other wireless technologies?

We'll consider Bluetooth security in two parts. First, we'll assess the risk. Then we'll suggest ways of dealing with it.

The risk

Bluetooth security is often in the news. Security consultants Thierry Zoller and Kevin Finistere made headlines in October when they demonstrated a Windows-based hacking tool called BTCrack. They claimed it can get past Bluetooth wireless security measures pretty much in real-time.

They say that BTCrack is the kind of tool that allows potential hackers to seek out a user's Bluetooth PIN, the code that creates a link between two devices, as well as the 128-bit 'link key', which between them give anyone the way in to potentially valuable and sensitive user data.

There's a lot that users can do to help prevent this sort of problem, say Zoller and Finistere. But alarmingly they revealed just how much users are part of the problem - unaware often that they are broadcasting Bluetooth signals, in fact occasionally unaware that their device even has a Bluetooth radio onboard.

It's a trap that security professionals can fall into themselves, never mind ordinary civilians. In June of this year, anti-virus company Kaspersky Lab did research in London over three days, finding in the process 2,000 Bluetooth-enabled devices in 'visible to all' mode, the setting a hacker needs to attack the device. Around half of these unsecured devices were discovered at InfoSecurity 2006, an event you'd expect to be attended by some of the most security conscious people in the country.

Email to a friend

Print this page