Bluetooth gear may be open to snooping.A recent article in The Wall Street Journal warned Bluetooth devices may be open to eavesdropping Secretly gaining unauthorized access to confidential communications. Examples include listening to radio transmissions or using laser interferometers to reconstitute conversations by reflecting laser beams off windows that are vibrating in synchrony to the sound in the room. . The wireless-communications standard, Bluetooth, was installed in 92 million headsets, cellphones, portable computers and other devices sold worldwide in 2004, and the number of such products is expected to more than double to 186 million this year, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. technology watchers at IDC Corp., Framingham, Mass. But two Israeli experts presented research that could give Bluetooth users pause, reported The Wall Street Journal. Although the researchers, Dr. Avishai Wool and Yaniv Shaked of Tel Aviv University Tel Aviv University (TAU, אוניברסיטת תל־אביב, את"א) is Israel's largest on-site university. , didn't try to build an eavesdropping device--and no Bluetooth breaches have been reported--the new findings are stirring concerns about the vulnerability of devices equipped with the technology. Using their research, security experts said, a device capable of tapping into Bluetooth gear could be built for about $2,000. The findings come at a time of broader concerns about wireless data security, said the article. Many experts consider the security features of Wi-Fi, a widely used wireless Internet-access standard, to be flawed. Child pornographers and fraudsters who don't want to leave a trail back to their own computers have been tapping into unsuspecting neighbors' Wi-Fi networks See wireless Ethernet and 802.11. to go online, the U.S. Secret Service said recently. Bluetooth technology has had other security problems manufacturers have repaired. This time, Wool and Shaked found a new flaw in the way Bluetooth devices keep transmissions secret. To link up two Bluetooth-enabled devices, such as a wireless headset See headset. to a cell phone, each device needs to know a special security code, as well as a set of randomly generated digits. But almost all the major headset Headphones combined with a microphone. Used in call centers and by people in telephone-intensive jobs, headsets provide the equivalent functionality of a telephone handset with hands-free operation. Many people use headsets at the computer so they can converse and type comfortably. makers, including Motorola Inc., Nokia Corp., Logitech International SA and the Jabra division of GN Store Nord AS, set the same security code on their headsets--0000--and it usually can't be changed by the consumer. Knowing that, an eavesdropper eaves·drop intr.v. eaves·dropped, eaves·drop·ping, eaves·drops To listen secretly to the private conversation of others. needs to figure out the random digits. Wool and Shaked said an eavesdropper could generate a special signal that would disrupt a Bluetooth connection and require the user to retype the security code, thus generating another random number--giving an opportunity for the listener to capture it. Using both that random number and the "0000" code, the connection could be tapped. Other Bluetooth devices, such as handheld computers A computing device that can be easily held in one hand while the other hand is used to operate it. The Palm devices are a popular example. See Palm, smartphone and palmtop. , allow users to type in their own security code. The longer the string of numbers, the more secure the connection--and the harder it is for a wireless hacker A person who writes programs in assembly language or in system-level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes. to figure it out. But instead of using a string of 16 letters and numbers--which is recommended by the group that develops Bluetooth standards--many manufacturers of the gear allow security codes of only four numbers. In the next version of its specifications, due out early next year, Bluetooth SIG Inc., the Bellevue, Wash., trade group that controls the technology, will issue recommendations making longer passwords easier for manufacturers to use, according to Joel Linsky, a radio engineer who heads the organization's standards working group. But "it's not an easy problem to solve," he said in The Wall Street Journal article. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion