Privacy pirates can tap your Bluetooth - That little hands-free device you love so much may be security risk
By Mike Celizic
Updated: 10:06 a.m. PT Aug 14, 2007
They’re all the rage these days, those little Bluetooth gadgets you hook on your ear to get wireless, hands-free connectivity to your cell phone. What many users may not be aware of, though, is that someone with the proper equipment may be able to listen to everything you say when you’re not using the phone.
“You’re more vulnerable than you think,” electronic security expert Jim Stickley told TODAY’s David Gregory during an appearance Tuesday.
To demonstrate how easy it is to eavesdrop, the co-founder of TraceSecurity took a camera crew out for a drive, during which he listened to conversations in nearby cars piloted by people who volunteered to serve as test subjects.
A simple device in Stickley’s car brought in nearby conversations loud and clear. He didn’t have to search for them or push any buttons. When the listening device detected a conversation broadcast by a Bluetooth device, it simply beamed it aboard.
Although manufacturers of Bluetooth devices say they build security measures into their products, Stickley said that isn’t necessarily so, especially in equipment at the lower end of the price scale.
Curiously, conversations over the phone can not be picked up. But when the phone isn’t in use, the Bluetooth device acts as a microphone and transmitter, picking up whatever you say and broadcasting to anyone who has the equipment – and the desire – to monitor it.
“The vulnerabilities have been there for a number of years,” Stickley said.
He said that the small devices that hook on your ear are generally safe. “They’re difficult to tap into,” he told Gregory.
The devices to beware of are the larger units that hook into the cigarette lighter of your car and mount on the dashboard.
What purchasers of the devices should look for are a button that has to be pushed to synch up the Bluetooth device and cell phone before they can be used. Devices should also require a PIN (Personal Identification Number) and allow you to change the PIN, he said.
If those features aren’t available, you’re vulnerable, and the only way to protect yourself is to turn them off when you’re not using them.
“It’s kind of the luck of the draw,” Stickley said when asked what advice he could give to those shopping for such devices. “For now, it’s apparently buyer beware. It should get to the point where you press the button and everything’s secure. It’s just not there yet."
“The higher-quality ones are generally more secure,” he added. “What you want to be looking for is something to that forces you to press that button for it to pair with your phone. That’s really your only safe bet. Otherwise it’s just an open microphone.”
© 2007 MSNBC Interactive