Bluetooth & Security
by Thiyagarajan Maruthavanan (Rajan)
As happens with many technologies, Bluetooth has gone through the same phases of being overestimated in the short term but underestimated over the long run. Though much of the Bluetooth hype did not live up to expectations in early 2000, today one finds a multitude of devices (most of them phones) with Bluetooth enabled. So, with this level of device penetration, it is definitely worthwhile now to carry out some of the earlier envisioned products and concepts. But there are huge security problems with Bluetooth devices, and these problems are tied to the design of the Bluetooth specifications themselves, to the point that some applications are just not viable. As Martin once very eloquently described, Bluetooth networks are not designed to scale socially, due to the lack of identity collateral incorporated in them.
Security issues in Bluetooth are so severe that the majority of people keep Bluetooth switched off on their mobile phones. Now, Activemedia would argue, based on their pilot results, that the benefit of redeeming a coupon is greater than the cost of losing all your contacts plus SMS while your Bluetooth is open. Well, I think not!! Oh, and if you think that it is just not possible to retrieve somebody’s contacts or SMS, or to do any remote installation without the user’s permission through Bluetooth, then think again. Bluesnarfing via Bloover might not work for all Bluetooth phones, and it might not be easy to read the obfuscated Java code to recompile it for other platforms, but it is not impossible to read deobfuscated code. It is only slightly more difficult. That reminds me to point out that information security is as much an economic problem as it is a technical one, and it is unfortunate that many security experts just don’t realize it. Only a select few have realized this well; check out this article from Ross Anderson and also other essays and presentations from Schneier for more on this.