In association with heise online

Putting it to the test

An in situ test clearly showed that most recipients do not really understand what they are being offered. Young people especially hang out in fast food restaurants for lunch and are happy to utilise this free service. The potential clientele is even larger at cinemas or events. Positioned about 10 metres away with Bluetooth activated on our laptop, we provided passers-by with a second file-sending Bluetooth hotspot. All that can be seen on the phone screen is that a message has been received. It is not clear whether it's an image, a video, an executable file or even a virus.

Image 2: If the application appears interesting, users will often accept installation after repeated invitations to do so.

In our test, 4 of 10 recipients were prepared to install the software we had sent them, without knowing what it was. None of the mobile phone users who had accepted the file had a problem with the fact that the software did not have a valid certificate. In our test no information on the Bluetooth hotspots was displayed and staff at the location were also unable to give us any information. Naturally the file we used in the test was not a virus, just a calculator application which had been renamed. However, it permitted us to test whether users were informed about mobile phone viruses and whether the name at least would put users off.

Bluecell Networks state that it is easy for the user to determine who they are receiving stuff from. There is, the company says, clear information on the presence of a beamzone, which has a range of only a few centimetres. A user would therefore have to consciously move into the zone and consent to receive messages. The name of the zone would also be clear and the sent applications would always have a digital certificate from Verisign. Bluecell Networks' general manager Rainer Rother admits, however, that as with all security measures it is up to the user to decide whether all necessary conditions are met.

Outlook

In the future, people should pay more attention to security of mobile phones or other Bluetooth devices, because technologies such as beamzone are likely to become established as marketing instruments. Nowadays everyone knows that executable files sent as e-mail attachments on their PC shouldn't be trusted. The same problem applies with mobile phones; however, the level of awareness is, at least at present, much lower. Without a mobile phone virus scanner, currently the only effective means of protecting yourself from Bluetooth attacks is to deactivate the interface. Bluetooth should only be activated when it's needed. Users should also only accept files from senders who are right in front of them. Users should not even open messages which drift in via Bluetooth and whose origins are unclear. The manufacturers of mobile devices such as mobile phones and PDAs should pay more attention to wireless communications security and create technical opportunities for normal users to be able to recognise potential threats. (dab)

Permalink: http://h-online.com/-747199