bCentral Home
Your Online Business Center

Oscar Night Hacking

Movie stars and their mobile phones

On Oscar night, three employees of Los Angeles security consulting firm Flexilis joined the crowds outside the Kodak Theatre. They weren't interested in the stars; they were interested in their mobile phones.

According to a report in the New York Times, Flexilis used a laptop computer and a special antenna to scan the celebrities' phones from thirty feet away. They did not actually hack into any phones. However, as many as 100 phones may have been vulnerable.

Besides scanning address books, Flexilis also claims to be able to remotely log keystrokes on a Bluetooth keyboard and record phone conversations from Bluetooth headsets.

Bluetooth is a low-power, short-range wireless network that allows devices like phones, printers, keyboards and headphones to communicate with one another. While not inherently unsafe, it needs to be properly used to avoid risks.

There are three main vulnerabilities:

Bluestumbling: where hackers can discover other people's Bluetooth devices - this is what happened at the Oscars.

Bluesnarfing: obtaining contact information from a 'bluestumbled' device or accessing other information depending on the type of device.

Bluejacking: like sending spam to a Bluetooth device.

The risks at the moment aren't that great and they are probably limited to publicity stunts or James Bond scenarios. However, as Bluetooth becomes more widespread, it is worth taking a few basic precautions.

Quote�They can't hack what they can't access.�End Quote

If your PDA, phone or laptop has a Bluetooth capability and you don't use it, switch it off. They can't hack what they can't access.

If you use Bluetooth, make sure that your devices are not left 'discoverable'. The exact details of how to do this vary, so (shock, horror) you'll need to read the manual.

Create secure trusted links between devices ('pairing') but don't do this in public in case someone is scanning you while you create the connection.

Do not accept files transmitted via Bluetooth from unknown or suspicious sources.

If you lose a Bluetooth-enabled device, delete the pairing from the rest of your devices in case a hacker tries to use it to make a connection.

If you have an older phone, check with the manufacturer to see if a software update is available. See The Bunker for a list of potentially vulnerable phones.

For more information read the security information on the official Bluetooth website.

Sign into Microsoft Small Business+ for free web-based training and software support.

sign in
Security information

Find a local Microsoft Small Business Specialist to help with your IT needs

Microsoft Small Business SpecialistMore info >

What do you want your PC to help you with?

What do you want your PC to help you with?

Free business newsletters - subscribe now

Our free newsletters are packed full of business advice and ideas - plus all the latest news

Security information

Get the latest bulletins and updates direct from Microsoft