Thankfully we do not have to contend with terror bomb attacks such as those unleashed on Londoners this week, but smash-and-grab attacks on our roads are all too familiar and frequent occurrences.
If you have not been the direct victim of a smash-and-grab attack, in all likelihood you have either witnessed one or know at least one person who has been a victim.
What makes these attacks especially shocking is they can happen at any time in almost any place and they are often carried out quite easily in broad daylight.
The loss of documentation and data is often the worst consequence of such attacks. Briefcases, laptops and mobile phones are much easier to replace than ID books, banking cards and electronic data.
Unfortunately, smash-and-grab attacks are not the only way personal data is vulnerable to attack and loss. Just as terrorists abuse technology to carry out terror attacks, others abuse technology to carry out bluesnarfing attacks.
Anywhere, anytime, without a trace
Like smash and grabs, bluesnarfing can take place any time, anywhere and result in a painful and even distressing loss of personal data. Anyone who has ever lost a mobile phone will agree that replacing the phone was much easier than recollecting all the telephone numbers that were stored in the phone that was lost.
Now there really is nowhere to hide. Even personal area networks are not safe from attack.
Warwick Ashford, portals managing editor, ITWeb
What is bluesnarfing? The technology-based equivalent of smash-and-grabs, bluesnarfing is the invasion of personal area networks. Typically, attackers use software tools to smash into Bluetooth-enabled phones and steal all contact details and other information, leaving no trace of the attack.
While London`s terror bomb attacks were breaking news around the world, I was watching a demonstration of how easy it is to break into a mobile phone and not only view the contents of the phone book and other data such as the telephone numbers associated with dialled and received calls, but also to delete the contents of phone books.
In our own backyard
Suddenly, bluesnarfing was not something vague that was referenced months ago on the Internet somewhere, but something being demonstrated live in my own backyard.
Question time was also an eye-opener with several businessmen admitting they had been bluesnarfed. One said he had been attacked several times, even after sending his handset to the manufacturers to be patched. It seems bluesnarfing is not something of the past, but happening all around us.
Before personal area networks have even had time to entrench themselves into our daily lives, they have become increasingly insecure. Now there really is nowhere to hide. Even personal area networks are not safe from attack.
Julian Williams, senior manager of the information systems assurance and advisory services department at Ernst and Young, insists the Bluetooth protocol is not insecure in itself, but warns that many implementations of that protocol are not secure.
What this means is that some models of mobile phone are more vulnerable to bluesnarfing attacks than others.
The sad truth, it seems, is that as mobile phones have become more like computers, they have also become more vulnerable to malicious attack in the form of bluesnarfing and viruses.
According to Williams, security in the personal area network is definitely a problem, particularly as there is still little or no real anti-virus and other software protection available for mobile phones.
Williams demonstrated that using software tools he says are easily available on the Internet and even through CD distributions, a rogue Bluetooth connection could be made within minutes to a mobile phone to read and delete the contents of the phone book and even place a call.
Take precautions
Are Bluetooth users as vulnerable to attack as smash-and-grab victims? The answer seems to be yes and no. 'Yes` in the sense that bluesnarfing is unpredictable, but 'no` in the sense that opportunities can be limited by taking a few basic precautions.
Williams advises that Bluetooth users should do an Internet search on the make and model of mobile phone they are using to make sure they have the latest version of the software or firmware for that particular phone. However, he warns that having the latest version of the software does not guarantee the user is safe.
Williams says the software for a particular model of a popular brand of mobile phone handset has not been updated by the manufacturers, despite a known vulnerability to bluesnarfing. In other words, the latest version of software available from phone makers is not a guarantee that the phone will be safe from attack.
Some handset manufacturers appear to have taken the vulnerability seriously and have promised to fix the problem in future models, but not all manufacturers have made such undertakings. It would probably be safer to assume your phone is vulnerable until you can prove otherwise.
Apart from downloading the latest software and finding out whether it is secure or not, Williams also advises users to turn on Bluetooth only when it is needed, thereby reducing the window of opportunity to break in.
Although Williams was using a mobile phone to illustrate the ease and speed with which bluesnarfing attacks can be carried out, it follows that other devices that use Bluetooth, such as laptop computers, may also be vulnerable.
It seems that Bluetooth users will have to get real about the threat and take the necessary precautions, or risk being bluesnarfed in broad daylight.
Share