A group of Italian researchers conducted an experiment to assess the potential propagation of malware through Bluetooth enable devices. The BlueBag project consists of $750 worth of hardware capable of sniffing Bluetooth pico-networks, tucked inside an unconspicuous piece of luggage that they took to several public places such as an airport, a shopping mall, the university and a technical conference among others.
Luca Carettoni, Claudio Merloni, and Stefano Zanero published their results in the March-April 2007 IEEE Security & Privacy Magazine. In their own words:
…we tried to envision possible future attack scenarios involving targeted malware propagated through Bluetooth-enabled covert attack devices. We demonstrated the existence of a very high risk potential, created by low awareness, ever-increasing functionalities and complexity, and by the feasibility of targeted, covert attacks through Bluetooth-enabled malware.
Bluetooth networks are the most vulnerable when the devices are visible (discoverable mode), therefore keeping your phone in non-discoverable mode would be wise. Putting distance between you and the attacker does not necessarily helps because with custom antennae, sniffing can be successfully implemented over distances of over a mile.
Filed under: Bluetooth, Security, Technology
