Giving Your Phone the BluesBluetooth is a wonderful technology. It allows you to connect to headsets, sync up with cars or computers, and much more. However, Bluetooth is also one of the main security gaps by which hackers can get at your phone. There are three basic types of Bluetooth-based attacks:
Bluejacking is a relatively harmless attack in which a hacker sends unsolicited messages to discoverable devices within the area. The attack is carried out by exploiting Bluetooth's electronic business card feature as a message carrier. The hacker cannot access any information or intercept messages. You can protect yourself from these unsolicited spam messages by putting your phone into "invisible," or "non-discoverable", mode.
Bluesnarfing is much worse than bluejacking because it allows a hacker to get at some of your private info. In this type of attack, a hacker uses special software to request information from a device via the Bluetooth OBEX push profile. This attack can be carried out against devices in invisible mode, but this is less likely due to the time needed to figure out the device's name through guessing.
When your phone is in discoverable mode, a hacker can use the same entry point as bluejacking and bluesnarfing to try and take over your phone. Most phones are not vulnerable to bluebugging, but some early models with outdated firmware could be hacked this way. The electronic business card transfer process can be used to add the hacker's device as a trusted device without the user’s knowledge. This trusted status can then be used to take control of the phone and the data within.
Bluetooth: Far From High-RiskDespite the fact that Bluetooth is an entry point for some hackers, it is not a very serious security flaw. Updates to the phone's firmware and new security measures have made carrying out these attacks very difficult for hackers. Most hacking requires expensive software and hardware, making it unlikely that the average person’s device will be the target of an attack. (Learn about Bluetooth 4.0 in From Bluetooth to New Tooth: A Look At Bluetooth 4.0.)
Hands-On HacksWhile remote hacking poses a relatively remote risk, hackers can do a lot of if they get their hands on your phone. For one, they can manually set up a back door that will allow them to bluebug your device. Or, if they’ve had some time with the phone and have prepared ahead of time, they can attempt to clone your phone card and use your account on another phone – although this hasn’t really been proved to work and would require the phone's owner to be very gullible. So, while leaving your phone unattended is never a good idea, chances are that it will be stolen rather than hacked.
Old Dogs Learn New TricksSome of the most obvious cell phone security threats are the ones that have been adapted from computer hacking. Of these, two stand out as real problems for cell phones:
Phishing may be actually more effective on a mobile Internet browser because the smaller address bar makes it less likely that a user will carefully check the address before entering information. The best way to protect yourself from phishing is to enter important addresses – those for sites where you will be entering private information – from scratch.
- Malware Apps
Just as malware downloaded from the Internet can crack open your computer, malware apps can leave your phone exposed. The major app stores usually try to prevent malware apps from getting spread through their platforms, but malware apps do get through and can even be distributed through Web pages as a download. Common sense is a fair barrier against malware. Right now, the true extent of malware app penetration is unknown and may be exaggerated. (To learn more, check out The 5 Scariest Threats In Tech.)