Bluetooth Cavities

As I’m sure most of you know, Bluetooth is a wireless networking standard that uses radio frequencies to set up a communications link between devices. The name comes from Harald Bluetooth, a 10th-century Danish king who united the provinces of Denmark under a single crown—just as Bluetooth, theoretically, will unite the world of portable, wireless devices under a single standard. Why name a modern technology after an obscure Danish king? Here’s a clue: two of the most important companies backing the Bluetooth standard—L.M. Ericsson and Nokia Corp.—are Scandinavian.

But all is not so rosy in the Bluetooth kingdom these days. The promises of a Bluetooth-united world have become stuck in the mud of unfounded hyperbole, diminished expectations, and security loopholes. It’s the last of those concerns that has the Bluetooth community reeling, as one security breach after another has appeared and been duly exploited. For our purposes, these so-called Bluetooth cavities have generated a pleasing vocabulary of new words and phrases to name and describe them.

In February 2004’s Technically Speaking, I told you about the practice of bluejacking: temporarily hijacking another person’s cellphone by sending it an anonymous text message using the Bluetooth wireless networking system. In a world where the only sure things are death, taxes, and spam, it won’t surprise you one bit that people have bluejacked nearby devices to send them unsolicited commercial messages, a practice called, inevitably, bluespamming. (In a recent survey by the British public relations firm Rainier PR, 82 percent of respondents agreed that spam sent to their mobile phones would be “unacceptable.” My question is: who are the 18 percent who apparently would find it acceptable?)

In that February column, I also told you about warchalking, using chalk to place a special symbol on a sidewalk or other surface that indicates a nearby wireless network, especially one that offers Internet access. Now black-hat hackers are wandering around neighborhoods looking for vulnerable Bluetooth devices. (Randomly searching for hackable Bluetooth devices is called bluestumbling; generating an inventory of the available services on the devices—such as voice or fax capabilities—is called bluebrowsing.) When they find them, they’re chalking the Bluetooth symbol (the Nordic runes for the letters H and B, for Harald Bluetooth) on the sidewalk, a practice known as bluechalking.

Bluetooth crackers have recently learned to exploit problems in the Object Exchange (OBEX) Protocol, used to synchronize files between two nearby Bluetooth devices—a practice called pairing, which is a normal part of the Bluetooth connection process, but in this case it’s done without the other person’s permission. Once pairing is achieved, the crackers can copy the person’s e-mail messages, calendar, and so on. This is known as bluesnarfing, and the perpetrators are called bluesnarfers. (The verb to snarf means to grab or snatch something, particularly without permission. It has been in the language since about the 1960s.)

A different Bluetooth security breach enables miscreants to perform bluebugging. This lets them not only read data on a Bluetooth-enabled cellphone but also eavesdrop on conversations and even send executable commands to the phone to initiate phone calls, send text messages, connect to the Internet, and more.

In the harmless-but-creepy department, the unique hardware address assigned to each Bluetooth device provides the impetus behind bluetracking, which is tracking people’s whereabouts by following the signal of their Bluetooth devices. (Why anyone would want to do this remains a mystery, but most if not all of these hacks are forged by people who clearly have way too much time on their hands.)

Perhaps the weirdest of the recent Bluetooth hacks is the BlueSniper, a Bluetooth scanning device that looks like a sniper rifle with an antenna instead of a barrel. Point the BlueSniper in any direction and it picks up the signals of vulnerable devices up to a kilometer away (compared with the usual Bluetooth scanning distance of 10 meters). And, of course, the BlueSniper also lets you attack those distant devices with your favorite Bluetooth hack.

Not all recent Bluetooth developments have been security lapses. In 2004, the news wires and blogs were all aflutter over a new British phenomenon called toothing. Allegedly, complete strangers had been using their Bluetooth phones or PDAs to look for nearby Bluetooth-enabled devices and then sending out flirtatious text messages that supposedly led to furtive sexual encounters. Outrageous? Yes. True? Nope. The whole thing turned out to be a hoax.

Will all the negative stories lead to a Bluetooth backlash? Proponents of the networking standard say no, since the way to avoid almost all Bluetooth security hacks is to set up your device so that it’s not discoverable—that is, it’s not available to connect with other devices. In other words, the future of the Bluetooth standard may rest on a simple time-honored principle: “Just say no.”