September 24, 2011

Cyber Security Firm Issues BlueTooth Security Warning

A data security firm from Finland is warning users that the poor quality and security of Bluetooth devices are making them easier to exploit, according to Reuters reports published Friday.

"Bluetooth radio technology is widely used to link cellphones to their accessories, and its security has not been considered a major problem," European Technology Correspondent Tarmo Virki wrote. "Codenomicon, however, said in a research paper that it found critical problems in all Bluetooth-enabled car-kits it tested this year."

According to a press release, the security solutions vendor said that robustness tests they conducted using "smart model based fuzzing tools" revealed "critical issues" in 80% of the devices tested. Furthermore, they revealed that each of the 10 devices they analyzed failed "with at least one test suite against a critical communication profile."

Representatives from Codenomicon said that the technology is "particularly vulnerable" against malformed input, a type of error that occurs when a series of input units is incorrectly formed. They report that these error types could cause Bluetooth devices to slow down, display unusual behavior, crash, or allow unauthorized access from cybercriminals.

Technology chief Ari Takanen told Reuters that the problems with the devices "are in the implementation. Coders make human mistakes."

He added that it was difficult for users to determine which types of devices were the most secure, noting that the "quality of the software is rarely visible to consumers."

Codenomicon notes that people typically do not worry about the security of Bluetooth devices, assuming that "the pairing process and conformance testing“¦ provide enough protection."

Additionally, these devices typically are not viewed as cybercrime targets, because in the past they had not provided access to private information. However, with modern automotive and healthcare technology starting to increasingly rely on Bluetooth, their potential vulnerability become a greater issue.

Mike Foley, Executive Director of the Bluetooth Special Interest Group (SIG), assured Reuters that the technology was safe, claiming, "One of the reasons these members pick Bluetooth wireless technology is because of the strong security Bluetooth technology can provide through effective implementations by the OEMs (original equipment manufacturers) who build these products."


On the Net: