Pairing your cell with Bluetooth? Buyer beware
If a new hands-free driving law has forced you to buy a Bluetooth mobile phone headset, this advice from the U.S. government can help protect against getting "bluesnarfed."
I admit it; I've been in denial about my cell phone habit.
I'm a multitasker on the phone and I tend to make calls when I'm in transit. Why not get some of those calls I have to make out of the way while I'm walking or driving? (I really do try to not use the phone while on the bus so as not to annoy other passengers, but sometimes it just can't be avoided.)
Of course, I've known for months that I was going to have to curb the habit while driving because of the hands-free law that went into effect for drivers in California three weeks ago. But I have been resisting buying a cell phone headset for a number of reasons.
For one, I find those cyborg-like devices sticking out of peoples' ears to be tacky. I'm sorry, but I do. Seeing people talking to themselves when they are not obviously on the phone is just off-putting.
Secondly, I had heard about security problems with Bluetooth and didn't want to have to figure it all out. Security experts discussed the risks to Bluetooth users at the Last HOPE (Hackers on Planet Earth) conference in New York last weekend, warning people to change the default password, turn off the headsets when not in use, and limit access to the data when communicating with other devices.
I also thought that buying a headset would unnecessarily feed a habit that I'd rather cut back on. I don't really like long phone conversations and I easily over dose on talking on the phone because I do it so much for my job. For me, getting a headset would be like getting TiVo when you're trying to watch less television.
But when I found myself tempted to break the law recently, needing to make a call while driving, I realized it was time to get one.
So I bought a standard Motorola variety for less than $50 on Tuesday night. Apparently, I'm not the only one thinking this way--a new study has found that the hands-free law boosted Bluetooth device sales to four times the national average.
On Wednesday, the U.S. CERT (Computer Emergency Readiness Team) decided the Bluetooth security risk was serious enough to publish a security advisory about it.
"Depending upon how it is configured, Bluetooth technology can be fairly secure," the advisory said. "Unfortunately, many Bluetooth devices rely on short numeric PIN numbers instead of more secure passwords or passphrases."
Basically, any device that can "discover" another Bluetooth device can send unsolicited messages or do things that could lead to extra fees, data being compromised or corrupted, data stolen in an attack called "bluesnarfing," or the device being infected with a virus, the advisory said.
To protect against these risks, Bluetooth owners should disable the technology when it is not being used, disable unnecessary features, and switch it to "hidden" mode, CERT said. Using "hidden" mode won't prevent me from using my headset with my phone because once the two devices have located each other, or paired, they will continue to be able to recognize each other thereafter.
Bluetooth users should also be careful where they are using the technology. For instance, using it in a public wireless "hotspot" poses a greater risk that someone else can intercept the connection than using it in your home or car, according to the advisory.
Now all I have to do is get something to protect me from the Bluetooth device's electromagnetic frequencies (EMFs), which may or may not pose health risks.