p2pnet.net News:- The recent release of source code for the Cabir worm and the Bloover software prompted the Bluetooth Special Interest Group (SIG) to publish guidelines for secure use of Bluetooth devices.

Cabir infects only mobile phones running the Symbian Series 60 OS via Bluetooth wireless technology and can block normal Bluetooth connectivity and drain battery power from the infected phones, says SIG. But, “The only way for the virus to infect the phone is if the user actively accepts it,” says the group.

Bloover is a Java version of an existing tool that helps to identify security flaws in a few models of mobile phones. “The tool today is limited as to not allow hackers to conduct criminal acts or cause financial damage,” says SIG.

“However, if a user’s mobile phone is not updated, there is a potential someone could use Bloover to access the phone and copy contact information. To protect against this attack, the phone software can be updated by the manufacturer or the phone can be kept in a non visible mode.

Read on >>>>>>>>>>>>>>>>>>>>>>>>

An existing security feature of Bluetooth implementations requires that the user accept any contact made with his or her device. Cabir requires the user to acknowledge not just once, but several times, before the file will install and take effect. Users should not accept files from unknown or suspicious entities. Users should not download or install unknown or suspicious software. If the origin of the software is unknown, it should not be installed. If the device gives a security warning during installation, carefully consider if installation should continue.

Users of Bluetooth wireless technology who are concerned about the worm, and potentially other unsolicited user requests, should put their devices into a non visible mode so that they are invisible to other Bluetooth devices. This will have no major impact on device functionality and the user can continue to enjoy the benefits of Bluetooth wireless technology.

When pairing Bluetooth devices, users should do so in private and use long, alphanumeric pin codes to further secure their mobile phones.

Smart phone users should install appropriate anti-virus software, much in the same way they would on their computers. Anti-virus scanners are available through Symbian, F-Secure, McAfee, and Symantec.

Only a few mobile phones are susceptible to the vulnerability which can be identified by the Bloover software. Mobile phones shipped today are unlikely to have this vulnerability. Bloover and other tools from the same source can be used to identify vulnerabilities and to find out if the phone software needs to be upgraded. Users can contact their respective phone manufacturer to receive a software upgrade.

===================

See:-
source code – Bluetooth SIG Provides Guidance for Secure Technology Usage, January 7, 2005

This entry was posted on Tuesday, January 11th, 2005 at 6:37 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 3577 times