Bluetooth is a short-range communications standard intended to replace the cables that would otherwise connect portable communications devices; e.g., cell phones, laptops, etc.
Just about everyone seems to have a Bluetooth device, too. The first few times I saw persons walking down the street, apparently talking to themselves, I thought I might be dealing with an outbreak of mental illness. Then, I noticed the small blue device hooked to their ear. This is a Bluetooth device—one of the hundreds on the market.
Because Bluetooth has been so successful, hackers have naturally tried to circumvent its security protocols. There have been some spectacular security failures, the best known of which is a so-called "Bluesnarfing" attack that allows a hacker to remotely download the contacts list, diary, and stored pictures in Bluetooth-enabled cell phones. While cell phone companies say they’ve closed this security flaw, older Bluetooth phones (certainly those manufactured before 2004) may remain vulnerable.
Now, researchers have discovered another vulnerability. When your Bluetooth device is activated, an eavesdropper may be able to listen to your conversations—but only when you’re NOT using the phone. A modified radio scanner is all that’s needed to listen in on conversations. Someone can simply drive down the street with such a scanner, and when it detects a conversation broadcast by a Bluetooth device, listen to whatever’s being said. Essentially, the Bluetooth device acts as a microphone and transmitter, picking up whatever you say and broadcasting to anyone who with the equipment to monitor it.
What’s not yet clear is how far away the scanner can be from the Bluetooth device to monitor conversations on it. It’s at least 30 feet and I’ve seen one study that claims that broadcasts from more powerful Bluetooth devices can be monitored from 300 feet away, perhaps further. But again, the attack works only when you’re not using your phone.
To protect yourself, don’t use a Bluetooth device any more powerful than you really need. Small over-the-ear wireless devices have very low power and are difficult to monitor. But beware of larger units that connect to your vehicle’s cigarette lighter or are dashboard-mounted.
If you’re in the market for a Bluetooth device, look for one that requires you to press a button or otherwise manually synchronize the device before it’s used. Also, look for one that requires a PIN code and that allows you to change the PIN.
Finally, if you’re not sure whether your Bluetooth device can be monitored, turn it off when you’re not using it.
Copyright © 2007 by Mark Nestmann
