Personal Area Network Security - Bluetooth Security
I’ve noticed a few people have been in search of Bluetooth security tips, so I felt compelled to write a quick guide on ways in which you can minimise your exposure to mobile malware. Of course the best way to secure your Bluetooth device is to just disable Bluetooth itself, but in cases where this is not possible I recommend you follow these simple steps:
1. Set Bluetooth Name To Hidden. From your Bluetooth preferences, switch your Bluetooth visibility to ‘hidden’. In most common cases this stops your phone from being discovered when scans for Bluetooth devices are made. The downside of this is that you need to enable discoverable mode when someone legitimately wants to send you something, then disable discoverable mode once you’ve finished.
2. Secure Pairing. When pairing any Bluetooth device, it should be carried out in a secure area (think top floor of a deserted parking lot at 2am!). Pairing in public areas should be avoided. This is because when pairing takes place, the two devices generate a shared key which is then used for all subsequent communication. If someone can sniff that shared key, it is possible they too could pair with your device.
3. Choose a strong PIN. PIN lengths should be a minimum of 16 characters. In order to further strengthen the PIN, upper and lower case characters should be used (if possible) and also numbers. If it is not possible to use alphabetic characters and you are stuck with using numbers only, you should never use fewer than 12 digits - and that is an absolute minimum!
4. Unsolicited Connection Requests. Under no circumstances should you accept unsolicited connection requests. Mobile malware that propagates over Bluetooth shows itself by making persistent, repeated prompts until the person accepts the connection request. In some cases, the phone is unusable until such time as a) the infecting phone has moved out of BT range or b) the owner of the receiving phone has accepted the connection request and subsequently accepted all the installation prompts. The problem with the latter is that even if you accept all and install all, once the malware is installed, your phone will still be prompted, as common malware broadcasts to all devices that are in range.
Attackers almost always go for the weakest link. Following these steps will help them focus their attention on other people’s devices and not yours.
Closing thought: Like malware on PCs, what is it with humans that makes the yes button so much more attractive than the no button?









