Symantec New Zealand is giving IT managers and users in general some tips to make sure the Bluetooth presence in the workspace will not cause problems to businesses.
According to the Bluetooth Special Interest Group (SIG), Bluetooth weekly shipments passed the 5 million unit mark in Q2 2005, up from 3 million in Q3 2004. Most of this growth has been in the mobile phone and PDA markets. The SIG says that 20 percent of mobile phones now ship with Bluetooth wireless technology. In high-end business phones, the penetration rate is even higher, and by 2006, the majority of business-class phones will include Bluetooth.
But Bluetooth is not just for personal use in mobile phones, PDAs and laptops. More and more commercial applications are being released, such as vehicle systems for driver communications, hands-free calling and data capture. Hospitals are using wireless pulse oximeters, which reduce the likelihood of a patient accidentally removing the pulse receiver.
Several companies are implementing Bluetooth technology into their IT environments, enabling enterprise-class applications to increase productivity and improve the bottom line. Connected via Bluetooth wireless technology to the mobile phone’s data network, laptops can be truly mobile. Compared to other wireless solutions, such as 802.11, these laptops are not as constrained by local infrastructure, being able to roam to a much larger area.
Symantec is worried that now that it has gained significant deployment and is being used to power real-world business solutions, Bluetooth faces a problem common to all fast-emerging communications technologies: security.
While some risks may be due to current implementations or the protocol design, there are steps that can be taken to reduce risk. And Symantec recommends all organisations to take a proactive approach to mitigate potential security breaches.
Enterprises and mobile device users should recognise that Bluetooth comes in all shapes and sizes – security risks extend far beyond PDAs and smartphones. For example, some laptops ship with Bluetooth, potentially creating a back door into the enterprise when the laptop is connected to the LAN via Ethernet or WiFi.
CIOs and IT managers should not overlook how easy and inexpensive it is for employees to purchase accessories such as dongles in order to add Bluetooth functionality to a wide range of company-approved devices, including handsets, laptops and PDAs. These add-ons are similar to rogue access points in WiFi in the sense that they quietly create vulnerabilities in a network that appears to be secure.
Some simple steps are suggested:
Immediately identify any company-issued Bluetooth devices and alert users of known vulnerabilities.
Strengthen company IT policies to address Bluetooth.
Look for products with control over Bluetooth.
Consider tools for identifying and mitigating security risks.
IT managers can scan their networks for attached devices, including PDAs. They can also remotely disable Bluetooth in company devices. And enterprises should treat unauthorised Bluetooth PDAs, handsets and accessories like rogue access points: if employees understand the risks and vulnerabilities associated with Bluetooth usage, then they must accept accountability for opening back doors into the enterprise with unauthorised devices.