[ISN] Crackdown begins on Bluetooth bandits
isn at c4i.org
Mon Mar 28 04:59:55 EST 2005
By: Binoo Nair
March 25, 2005
If a camera phone can catch you with your pants down, one with
Bluetooth can do the same - albeit figuratively - to your company.
Following the ban on camera phones in hotel lobbies, a crackdown has
begun on people who misuse the wireless technology called Bluetooth to
steal sensitive information from their employers and pass it on to
The Digital Due Diligence (DDD), a group of computer technologists
formed by the Federation of Indian Chambers of Commerce and Industry
(FICCI), has recommended that companies ban employees from using
Bluetooth-enabled cell phones, as they can be used to leak
confidential information to competitors.
The DDD will submit a white paper on the dangers of these smart phones
to companies across the country next week. FICCI formed the DDD after
auction portal baazee.com took the rap when the infamous Delhi Public
School MMS clip turned up for sale on its site.
Bluetooth, an essential component of today's hi-end 'smart phones', is
used to transfer information between devices without the use of wires.
While this makes it extremely convenient, it also leaves scope for
You could, for example, use it to access information (such as your
boss's email) on a computer remotely, and transfer sensitive files
from a PC to your phone. And since the technology is still new, little
can be done to prevent this.
"We have found that these smart phones are being used by employees to
carry out vital information from companies. And, so far, it is not
possible to track this sort of data theft," said Chirag Unadkat,
director of the DDD.
Explaining the risks of Bluetooth, Web security expert Vijay Mukhi
said, "An employee can access data on any computer, transfer it to a
smart phone and pass it on. He can steal information from his boss's
computer with almost no physical contact.
"Some phones can communicate with other Bluetooth devices from 100
metres away. This can leave companies wide open to industrial
espionage," added Mukhi, who is co-writing the white paper with
The threat is augmented by the fact that most companies, according to
Mukhi, are not even aware of the dangers of smart phones.
Both experts say that while it is not possible to ban smart phones
altogether, companies can bar them from vital facilities like the
Another option, they say, is disabling the Bluetooth and infrared
compatibility of the company's computers.
White paper proposals
* Be aware of the problem
* Password-protect your computer so that others can't fiddle with it
while you're away
* Banning smart phones in areas like server rooms and conference rooms
* Disable Bluetooth and infrared on your company's computers
* Install software that can keep a log of wireless transfers made from
(There is, however, no commercially available product that can do this.)
More information about the ISN