Watch out Paris Hilton,…

"John Hering, a student at the University of Southern California, has developed the BlueSniper rifle, a tool that looks like a big gun which can “attack” a wireless device from more than a mile away — several times the 328-foot maximum range of Bluetooth."

John Hering, cofounder of a wireless security think tank called Flexilis (http://www.flexilis.com/) has created a device (called a "BlueTooth Rifle") to ascertain security vulnerabilities, but not to actually penetrate anyone’s phone. His stated goal is to boost awareness of the vulnerabilities, and no doubt, greatly increase privacy-conscious, mobile-device-toting celebrities to seek out his services.

As always, the technology group behind bluetooth and particularly manufacturers of BlueTooth-enabled cell phones want you to believe their technology is secure. But stories in the news this week (see: http://www.npr.org/templates/story/story.php?storyId=4599106) indicate otherwise.

Flexilis offers mobile device security services and consulting. Apparently a growing niche market after recent mobile device attacks such as the much publicized Paris Hilton hack.

A recent Wired News article (http://www.wired.com/news/privacy/0,1848,64463,00.html) reports that the BlueTooth technology wireless phones use can let an attacker remotely download address books, calendars and peruse text messages. Perhaps the scariest scenario is the claim that they could turn the device into a remote listening device and pick up private conversations when the phone is not in use.

BlueTooth Phones are most vulnerable when they are in "visible" or "discoverable" mode and BlueTooth functionality is enabled. This mode allows the phone to find other phones within its range to facilitate exchanging contacts and other information.

The public statements from BlueTooth cell phone manufacturers which I’ve seen all seem to have a common thread. With statements like, "the phone’s range is only 30 feet" and "most people don’t leave their phone in visible mode…", they are trying to downplay the issues rather than admit that serious problems exist. And quite frankly, not only is hacking cell phones likely to be a fun pursuit for a certain class of rogues, in a metropolitan area like DC, Manhattan or L.A., one could start a few scandals and definitely profit from the information found inside one of those BlueTooth devices.

This entry was posted on Wednesday, April 13th, 2005 at 5:27 pm and is filed under In The News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site. | Permalink