Wednesday, October 17, 2007

Unhealthy AND Not Private....What's Not To Love?



Your Cell Phone May Be Bugged...
Bluetooth is a short-range communications standard that replaces the cables that would normally connect your laptops, cell phones, etc.
Just about everyone seems to have a Bluetooth device these days. When they first became popular, I would see individuals walking down the street and apparently talking to themselves. At the time, I thought I was witnessing an outbreak of mental illness. Then, I noticed the small blue device hooked to their ear. This is a Bluetooth device - one of the hundreds on the market.
Because Bluetooth has been so successful, hackers have naturally tried to get around its security protocols. Bluetooth has had some spectacular security failures in its short lifetime. The best known was the so-called "Bluesnarfing" attack. It allows a hacker to remotely download your Bluetooth phone's contacts list, diary and stored pictures. While cell phone companies say they've closed this security flaw, older Bluetooth phones (certainly those manufactured before 2004) may remain vulnerable.
Now, researchers have discovered another weakness. When your Bluetooth device is activated, an eavesdropper may be able to listen to your conversations - but only when you're NOT using the phone. Hackers just need a modified radio scanner to listen in on your conversations. Someone can simply drive down the street with such a scanner. When it detects a conversation broadcast by a Bluetooth device, that eavesdropper can listen to whatever you're saying. Essentially, the Bluetooth device acts as a microphone and transmitter, picking up whatever you say and broadcasting to anyone with the equipment to monitor it.
It's not clear how far away the scanner can be from the Bluetooth device to monitor conversations on it. It's at least 30 feet and I've seen one study that claims that broadcasts from more powerful Bluetooth devices can be monitored from 300 feet away, perhaps further. But again, the attack works only when you're not using your phone.
To protect yourself, don't use a Bluetooth device any more powerful than you really need. Small over-the-ear wireless devices have very low power and are difficult to monitor. But beware of larger units that connect to your vehicle's cigarette lighter or are dashboard-mounted.
If you're in the market for a Bluetooth device, look for one that requires you to press a button or otherwise manually synchronize the device before it's used. Also, look for one that requires a PIN code and that allows you to change the PIN.
Finally, if you're not sure whether your Bluetooth device can be monitored, turn it off when you're not using it.

No comments: