Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Crackdown begins on Bluetooth bandits

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Crackdown begins on Bluetooth bandits
Date: Mon, 28 Mar 2005 03:59:55 -0600 (CST) 
http://ww1.mid-day.com/news/city/2005/march/106245.htm

By: Binoo Nair 
March 25, 2005 

If a camera phone can catch you with your pants down, one with 
Bluetooth can do the same - albeit figuratively - to your company. 

Following the ban on camera phones in hotel lobbies, a crackdown has 
begun on people who misuse the wireless technology called Bluetooth to 
steal sensitive information from their employers and pass it on to 
competitors.

The Digital Due Diligence (DDD), a group of computer technologists 
formed by the Federation of Indian Chambers of Commerce and Industry 
(FICCI), has recommended that companies ban employees from using 
Bluetooth-enabled cell phones, as they can be used to leak 
confidential information to competitors.

The DDD will submit a white paper on the dangers of these smart phones 
to companies across the country next week. FICCI formed the DDD after 
auction portal baazee.com took the rap when the infamous Delhi Public 
School MMS clip turned up for sale on its site.

Bluetooth, an essential component of today's hi-end 'smart phones', is 
used to transfer information between devices without the use of wires. 

While this makes it extremely convenient, it also leaves scope for 
misuse.

You could, for example, use it to access information (such as your 
boss's email) on a computer remotely, and transfer sensitive files 
from a PC to your phone. And since the technology is still new, little 
can be done to prevent this. 

"We have found that these smart phones are being used by employees to 
carry out vital information from companies. And, so far, it is not 
possible to track this sort of data theft," said Chirag Unadkat, 
director of the DDD.

Explaining the risks of Bluetooth, Web security expert Vijay Mukhi 
said, "An employee can access data on any computer, transfer it to a 
smart phone and pass it on. He can steal information from his boss's 
computer with almost no physical contact. 

"Some phones can communicate with other Bluetooth devices from 100 
metres away. This can leave companies wide open to industrial 
espionage," added Mukhi, who is co-writing the white paper with 
Unadkat.

The threat is augmented by the fact that most companies, according to 
Mukhi, are not even aware of the dangers of smart phones. 

Both experts say that while it is not possible to ban smart phones 
altogether, companies can bar them from vital facilities like the 
server rooms. 

Another option, they say, is disabling the Bluetooth and infrared 
compatibility of the company's computers.

White paper proposals

* Be aware of the problem

* Password-protect your computer so that others can't fiddle with it 
  while you're away

* Banning smart phones in areas like server rooms and conference rooms

* Disable Bluetooth and infrared on your company's computers

* Install software that can keep a log of wireless transfers made from 
  your computer.

(There is, however, no commercially available product that can do this.) 
 
 

_________________________________________
Network Security -http://www.auditmypc.com
Free vulnerability test - How secure is your computer?
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Crackdown begins on Bluetooth bandits, InfoSec News <=
Previous by Date:  [ISN] Legal threat stops flaw info release, InfoSec News
Next by Date:  [ISN] Problem Confirmed In January Patch For Windows 98, Me, InfoSec News
Previous by Thread:  [ISN] Legal threat stops flaw info release, InfoSec News
Next by Thread:  [ISN] Problem Confirmed In January Patch For Windows 98, Me, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]