Step 2: Disable Bluetooth whenever possible

Most Bluetooth-enabled devices ship with the technology fully active. As soon as these devices are powered on,

they broadcast their Bluetooth device name, making their presence known (or discoverable) for others who might want to connect. Whether it's a smartphone or a laptop, this capability makes Bluetooth an attractive target.

To address this problem, disable a device's "discoverable" setting. An attacker can still force a discovery, but deactivating discoverability makes this somewhat more difficult. (The Bluetooth Special Internet Group says it will address the vulnerability in a new specification -- to be released in 2006.) Also, if your company creates its own client builds -- disk images -- for its PCs, set Bluetooth to be deactivated by default.

Of course, when two Bluetooth devices create a trusted relationship -- known as pairing -- at least one of them must be discoverable. However, device pairing is an infrequent activity, so it's best to keep the functionality deactivated whenever possible.


FIVE BLUETOOTH SECURITY BASICS

 Home: Introduction
 Step 1: Learn the lingo
 Step 2: Disable devices
 Step 3: Authentication and encryption
 Step 4: Acceptable use
 Step 5: User education



ABOUT THE AUTHOR:
Mathew Schwartz is a freelance writer, editor, and photographer based in Paris, France. He regularly contributes information security and corporate compliance stories to Enterprise Systems, Information Security magazine, and IT Compliance Now. His work also appears in numerous other publications, including the Times of London and Wired News. Other recent work includes a 235-page usability report on the world's top 10 intranets, coauthored for the Nielsen Norman Group. Corporate writing clients have included life-insurance firm SBLI, and Intel.
This was first published in May 2005

Dig deeper on Information Security Policies, Procedures and Guidelines

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close