Possibly even more worrying than the loss of personal or corporate data is the idea that the device could create a 'tunnel' through your perimeter and effectively invite an attacker into the room with you. Mobile phones have very good noise cancelling microphones built into them, and are designed to pick up sounds close by, but ignore background noise. Many of them are intended to be used as 'speaker-phones' when laid on a table or desk, or even carried in a shirt pocket. This makes them an ideal covert listening device. Imagine, then, if an attacker could switch on your phone's microphone and use it as a bug during a private meeting. Unfortunately, they can do exactly that... By having the phone initiate a GSM call and then transmit everything it hears, an eavesdropper can sit anywhere in the world and listen to every detail of the private conversation you thought was safe within the physical perimeters of your office. Once again, the attack vector is Bluetooth. The attacker that takes over the phone and initiates the call must be within a mile, but the GSM network will carry that call to anywhere in the world. Want to bug a man in London from an office in Tokyo? No problem.
Now this may all sound far fetched and the stuff of Hollywood spy movies, and, indeed, it has been called just that by some observers and members of the telecoms industry. However, independent tests and field trials have shown over and over again that significant numbers of devices are out there, in the wild, and totally vulnerable. My own tests have shown that it is more or less impossible to be out of range of a Bluetooth enabled device when in any densely populated area of the UK, and similar data exists for other parts of Europe. Of these devices, many of the older (but most popular) mobile phones are vulnerable, and these number in the hundreds of thousands if not millions. Again, my tests showed that during the evening rush hour on the London Underground, I was seeing a new potentially vulnerable device once every 10 seconds.
Having said all that, it's not all doom and gloom. The industry as a whole, and the Bluetooth SIG in particular, seem to be cleaning up their act and addressing the problems. The SIG have initiated a program of security testing at their regular “Unplug Fests” -the forum in which manufacturers get together to perform interoperability tests -and have raised the profile of security within their own roadmap and specification program to ensure that these issues are at the forefront of manufacturer's and developer's minds in the future.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.