The Bluetooth Special Interest Group (SIG) has published guidelines for secure use of Bluetooth technology, following the release of the source code for the Cabir worm and the Bloover software. The group suggests that users should be alert and use the technology resources to keep devices safe.
Bluetooth is intrinsically safe, and most of the time a connection is only possible if both devices are authenticated. Also, companies license their Bluetooth software, so different implementations may behave differently. These are some of the recommendations:
An existing security feature of Bluetooth implementations requires that the user accept any contact made with his or her device. Cabir requires the user to acknowledge not just once, but several times, before the file will install and take effect. Users should not accept files from unknown or suspicious entities. Users should not download or install unknown or suspicious software. If the origin of the software is unknown, it should not be installed. If the device gives a security warning during installation, carefully consider if installation should continue.
Users of Bluetooth wireless technology who are concerned about the worm, and potentially other unsolicited user requests, should put their devices into a non-visible mode so that they are invisible to other Bluetooth devices. This will have no major impact on device functionality and the user can continue to enjoy the benefits of Bluetooth wireless technology.
When pairing Bluetooth devices, users should do so in private and use long, alphanumeric PIN codes to further secure their mobile phones.
Smartphone users should install appropriate anti-virus software, much in the same way they would on their computers.
Only a few mobile phones are susceptible to the vulnerability which can be identified by the Bloover software. Mobile phones shipped today are unlikely to have this vulnerability. Bloover and other tools from the same source can be used to identify vulnerabilities and to find out if the phone software needs to be upgraded. Users can contact their respective phone manufacturer to receive a software upgrade.
Cabir is a worm designed to infect only mobile phones running the Symbian Series 60 operating system via Bluetooth wireless technology. There are currently 10 known versions of the worm, Cabir.A through Cabir.J. Most versions of the worm must be accepted and installed by the receiver. It is capable of blocking normal Bluetooth connectivity and draining the battery power from the infected phone. The only way for the virus to infect the phone is if the user actively accepts it. As with any computing device, it is strongly recommended that users do not download or install unknown or suspicious software.
Bloover is a Java version of an already existing tool that helps to identify security flaws (bluesnarf and bluebug) in a few models of mobile phones. The tool is currently limited so that it does not allow hackers to conduct criminal acts or cause financial damage. However, if a user's mobile phone is not updated, there is a potential that someone could use Bloover to access the phone and copy contact information. To protect against this attack, the phone software can be updated by the manufacturer or the phone can be kept in a non-visible mode.