Who’s Mobile Phone Shall I Own Today?

There are just so many interesting attack vectors for mobile phones. To start with, obviously there's the threat of physical theft. It is usually a little obvious for a thief dressed in a striped black and white T-shirt to lift a desktop box out of your office building, or slightly easier to grab your laptop, but a small child could remove your mobile phone and wander down the road with it concealed. It is no longer James Bond who has exclusive rights to bugging. There are devices that allow you to set your mobile so that they appear to be off, leave the phone behind - say, in a conference room - and then call the phone unnoticeably and allow you to hear everything. Every criminal worth his salt knows about phones that go into "ghost" mode. Yes, there are solutions such as activity analysis, but these gizmos will cut a hole in your budget? Zaxx does not condone the use of bugging devices. And then we have Bluetooth. Bluetooth can be a security hazard on some phones. I'm not going to begin declaring that the sky is falling, and that Bluetooth on mobiles means that we're all doomed. However, it would be foolish not to realise or admit the obvious – it’s wireless, therefore it can be intercepted.

A security group made the news in 2005. One of their members stood near to the red carpet at the Academy Awards with a laptop and an antenna hidden in his backpack, and the results were to be expected In total, between 50 and 100 of the celebrities were vulnerable to bluesnarfing, bluejacking or bluebugging.

In November 2003, Adam Laurie of A L Digital Ltd reported serious flaws in the authentication and/or data transfer mechanisms on some bluetooth enabled devices.

Confidential data can be anonymously obtained, from some bluetooth enabled mobile phones. This data can include the entire phonebook and calendar as well as notes, spreadsheets and other files on the more complicated devices.

Also, additional to someone you know stripping bits out of your trusty mobile, it has been found that the complete memory contents of some mobile phones can be accessed by a previously "paired" device. This can happen even if it has since been removed from the paired listing. In essence, the entire device can be "backed up" to an attacker's own system.

This threat of "Bluejacking" is innocently promoting an environment which puts consumers and their contacts or businesses at greater risk from the above attacks.”

The website http://www.thebunker.net/security/bluetooth.htm, provides details and a list of vulnerable phones. And now that Bluetooth rifles (easily fabricated from cardboard tubes and silver foil) effectively extend the range of the technology up to a mile perhaps; things can only get more precarious. It would be worth your time to read these web pages and familiarize yourself with Bluetooth and its problems, as well as its advantages.

Are there any Bluetooth advantages? Oodles! It is ultra-cool, for sure. Automatically synchronising phone contacts with personal, networked or organisational computer contacts is undeniably attractive to the busy information worker on the go. The wireless headsets are also really nice in a designer style way. Transferring the risqué, plain rude or un-PC jokes and MP3 tracks is also handy (though potentially illegal). Bluetooth is just too useful to go away, but you can often find that the phone companies won’t mention it. It's up to security professionals, concerned individuals along with responsible website owners to educate users about the dangers of Bluetooth-enabled mobile phones and, in fact, non-Bluetooth phones as well. As mobile phones grow even more prolific and omnipresent and, consequently, phenomenally greater storage capacity, people are going to innocently store immense quantities of very valuable information on them, just as they grow potentially more accessible to the less scrupulous. When it comes to mobile phones, we're going to need to keep our eyes - and ears - on them constantly, except when driving, of course. Safe Bluetooth car kits can be found at Zaxx.co.uk and Zaxx.2u.co.uk.

Comments? Questions? Email Here

© HowtoAdvice.com

How to Advice .com