InstallationBluetooth hacked
Posted on January 3rd, 2007
This is not new, but a friend called me yesterday concerned about this, here is a small explanation. If your phone has Bluetooth enabled that means it can communicate with other devices through a wireless connection, for example, your Bluetooth headset. Your device has a security feature that allows 2 devices to communicate and secure the connection with a 4-digit number, from 0000 to 9999.
The problem
There is a program that allows an attacker to connect to your cellphone and start guessing the 4-digit number, if it is successful, the program will then lock on to the signal and give the attacker full access to your personal data and take control of your cellphone. All this can happen while your phone shows no activity of any kind.
Using your phone to steal your phone book and other info
This is the most simple attack, someone connects to your phone and copies all your stored information to their system.
Using your phone to connect to the internet.
The attacker can use your phone to connect to the internet and check email or use it for other purposes, if you have email on your phone, the attacker can read and copy all of your emails in a few seconds.
Using your phone to make expensive phone calls.
Some devices allow the software to run while making a call, this can allow an attacker to use your phone to make international calls or even worse, call to a pay-per-minute service setup by the attacker and making a long call without you even noticing, if they charge $5 per minute, a simple 10 minute call can generate a $50 charge on your next bill.
The solution
Well some phones have the ability to select which devices to connect to, therefore an attacker cannot connect. Another solution is turning off Bluetooth if you are not using it or if you don’t have a headset.
By far the best solution is not to use your phone to store personal information such as your SSN#, your bank account number or other info that might put you at risk.
Don’t use Bluetooth?
Not necessarily, the odds of being attacked like this are probably one in a million but it only takes one attack to realize the seriousness of the situation. It is always best not to use these wireless devices to store any information that you might consider important.
