News

PDAs and mobiles left open to 'Bluesnarfing'

Businesses are at risk of losing confidential data to hackers asoffice workers leave their Bluetooth-enabled PDAs and mobile phones unsecured.

A survey of commuters in three central London railway stations found that one in 10 are travelling with mobile devices that are open to eavesdropping by hackers.

An engineer from security company Orthus, armed with a laptop computer and a free Linux software tool, was able to identify unsecured data held on hundreds of mobile devices as commuters travelled home.

Out of 943 devices identified at three London stations, 379 had been left on their default security settings and 138 were vulnerable to hacking attacks, known as Bluesnarfing.

Personal data including voice messages, address books, e-mails and diaries stored on mobile devices were extremely vulnerable to theft or manipulation, the company said.

Hackers could download the data or change it across open Bluetooth channels without the owners being aware, said managing director Richard Hollis.

About half the mobile devices left on their manufacturer's default security settings were vulnerable to Bluesnarfing, research revealed.

"Corporations need to consider adding PDA and mobile phone policies to their written corporate security policies and make sure their staff have been educated," said Hollis.

 

Protect yourself

To protect against bluesnarfing:

  • Don't enable Bluetooth unless it is required
  • Personalise the Bluetooth device name so that it does not contain model and manufacturing information
  • Only enable Bluetooth services you intend to use
  • If you need to leave Bluetooth enabled, ensure the visibility settings prohibit third parties from identifying the device

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy