
LOSING YOUR PRIVACY ONE DEVICE AT A TIME -- BLUETOOTH

Here in California we are seeing an explosion of communications devices that feature “Bluetooth” connectivity – especially in response to California Law which requires the use of “hands free” cellphones while driving. But the Bluetooth phenomenon is not limited to California as people want to interact with their mobile and computer devices using a personal network.

What is Bluetooth?

According to Wikipedia:

“Bluetooth is a wireless protocol utilizing short-range communications technology facilitating data transmission over short distances from fixed and/or mobile devices, creating wireless personal area networks (PANs).”

“The intent behind the development of Bluetooth was the creation of a single digital wireless protocol, capable of connecting multiple devices and overcoming issues arising from synchronization of these devices. Bluetooth provides a way to connect and exchange information between devices such as mobile phones, telephones, laptops, personal computers, printers, GPS receivers, digital cameras, and video game consoles over a secure, globally unlicensed Industrial, Scientific, and Medical (ISM) 2.4 GHz short-range radio frequency bandwidth.”

As you can see, Bluetooth is a great idea for connecting portable devices located within a very short distance.

BlueJacking …

As with all technical devices, given the time, talent and motivation, techies, either for fun, profit or bragging rights will attempt to circumvent a device’s security to permit the interception of message traffic or to insert bogus information into the user’s traffic stream.

Unfortunately, people use their mobile devices and cellphones to transact important business and the compromise of those communications can have far-reaching and possibly disastrous consequences. Especially vulnerable are systems carrying medical, legal and financial information.

Imagine, if you will, a number of financial types chatting away in a financial district or doctors discussing a patient’s treatment near a hospital. While not every conversation may be exploitable by an eavesdropper, many people harbor voyeuristic tendencies and just like to listen to other people’s private conversations.

Short range?

While equipment manufacturers like to claim that the effective range of their devices is relatively short, approximately 10 meters, this is not exactly true. Sensitive, tuned antennas and higher power transmitters are not uncommon among the hacker set. In some cases, reception has been recorded up to a mile from the source.

Default is your own …

Most relatively unsophisticated attacks are facilitated by the laziness, laxness or general unwillingness of users to read their manuals; they simply accept the default values programmed into their devices by the manufacturer. In this case, the fault rests with the user for facilitating the attack.

The Bluetooth device does not need to be in active communications mode …

While listening to an actual conversation is certainly more interesting, one can also listen to an inactive Bluetooth device to receive any sound that can be picked up on its internal microphone. Thus you can hear much more than a conversation between two people.

How easy is it to get started …

Freely available on the Internet is a “proof of concept” computer program developed by the Trifinite Group, a group of European security consultants who released their Car Whisperer exploit of the Bluetooth protocol at the What the Hack computer security conference in Liempde, Netherlands.

The software allows Bluetooth devices to connect to a computer – even though they were programmed only to connect with cell phones or other specific devices. For those who want to research the subject or try out the software, it can be found on the Trifinite site.

While the Car Whisperer is a nice piece of work, it has been obsoleted by other programs (which will remain confidential) which attempt to crack the pairing codes and connect a rogue device to a Bluetooth-enabled system.

A demonstration by a security professional …

Are we being irresponsible by exposing some of the hacker’s tools of the trade?

The short answer is no. The techies who are prone to carrying out such hacks already know how to do it, have the software and have published their results on the web for others of like interests.

What can YOU do?

First, become aware of the threats to your privacy and the privacy of others.

Second, read your manual when you set up your Bluetooth device or get professional assistance from someone familiar with the process.

Third, never accept the manufacturer’s default codes and select your own personal identification number (PIN code). Try to avoid easily guessed four-digit numbers (0000, 1234, 4321, 1357, etc), numbers like your birth date (00/00) or the last four digits of your telephone number. Do not, under any circumstances, use part of your social security number or any other existing PIN. Some people find it convenient to use the same PIN number for all devices, including their ATM machine. This is an extremely bad idea.

And fourth, never include sensitive information in your routine telephone conversations unless it is absolutely necessary. Try to talk around the subject if at all possible using phrases like “that guy we met yesterday” instead of an actual name. Consider the implications of any conversation which may be eavesdropped.

If given the chance, demand that your device's manufacturer extend the passcode from 4 digits to something much harder to crack in a short period of time. You cannot believe how fast a computer can transmit the digits from 0000 to 9999.
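
The PIN rules in the third tip and the 4-digit limit mentioned above, turned into a small checker. This is an added example, not code from the original post; the function names, the minimum-length rule and the sample values are assumptions made for illustration.

```python
# Added example: PIN checks taken from the advice above. Function names and
# sample data are constructed for illustration, not taken from any product.
import re

# The easily guessed codes the post names.
LISTED_WEAK = {"0000", "1234", "4321", "1357"}


def is_step_sequence(pin: str) -> bool:
    """True when the digits move by one constant step (0000, 1234, 4321, 1357)."""
    d = [int(c) for c in pin]
    steps = {(b - a) % 10 for a, b in zip(d, d[1:])}
    return len(pin) > 1 and len(steps) == 1


def audit_pin(pin, birth_mmdd="", phone="", ssn="", other_pins=()):
    """Return the reasons a PIN breaks the post's rules (empty list = passes)."""
    # ASSUMPTION: a PIN here is numeric and at least four digits long.
    if not re.fullmatch(r"\d{4,}", pin):
        return ["not a numeric PIN of at least four digits"]
    reasons = []
    if pin in LISTED_WEAK or is_step_sequence(pin):
        reasons.append("easily guessed pattern")
    if birth_mmdd and pin == re.sub(r"\D", "", birth_mmdd):
        reasons.append("matches birth date")
    phone_digits = re.sub(r"\D", "", phone)
    if len(phone_digits) >= 4 and pin == phone_digits[-4:]:
        reasons.append("last four digits of phone number")
    if ssn and pin in re.sub(r"\D", "", ssn):
        reasons.append("part of social security number")
    if pin in other_pins:
        reasons.append("reused from another device or card")
    return reasons


def keyspace(length: int) -> int:
    """Number of candidate numeric PINs of a given length."""
    return 10 ** length


if __name__ == "__main__":
    print(audit_pin("1234"))           # a code the post lists by name
    print(audit_pin("58203917"))       # constructed longer PIN
    print(keyspace(4), keyspace(8))    # 4-digit space vs. 8-digit space
```

Each extra digit multiplies the number of candidate codes by ten, which is why the request to manufacturers for longer passcodes matters.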

I personally think people who walk around with the in-ear devices with the blue light flashing look like jerks who must demonstrate their importance by being “connected” at all times. And when you consider it, the truly important people do not wear these devices, but have people who do.

And for the paranoid among you, just remember that the hackers are not the only ones intercepting your communications. It could be your wife’s attorney (even though Anthony Pellicano is still behind bars) or government investigators intent on discovering where you ate for dinner last night.

Remember: in this digital age, it is only a matter of time until the police start using cell phone records to round up everybody who may have been a potential witness to a crime based on their location at the time. Most phones in use today have GPS capabilities and the microphones can be activated without the user being any the wiser. Think about the recent case involving the use of an OnStar in-car system to listen to the occupants. Of course, OnStar denied it had happened – until the information came out in a court case.

Also, be thankful to “white hat” hackers and others who expose digital security flaws in a highly public manner so they may be corrected by the manufacturer.

-- steve

Quote of the day:  “A hat should be taken off when you greet a lady and left off for the rest of your life. Nothing looks more stupid than a hat.” -- P. J. O'Rourke
