Thursday, August 27, 2015
Keys to the vault
iPhone®s have a feature that enables users to share files via Bluetooth®. You simply activate Bluetooth® on your phone and search for the other person’s phone signal. Rather than sending several emails or texts with photos, it is a simple file transfer. We successfully completed this method of file sharing in a public setting. Very simple and convenient. What was noted was the number of open Bluetooth® connections that were also within range. This is like walking around with your purse wide open or leaving your car keys in the door lock.
Bluetooth® use developed slowly, but once other technology caught up its use exploded. Bluetooth® was developed in the early 1990s. It wasn’t until 2000 that the first mobile phone with Bluetooth® technology came to market. In 2001, laptops and peripherals (printers, earpieces, car kits) came to market. The next several years produced everyday items that could connect via Bluetooth®, such as TVs, glasses, watches, and appliances. Around 2005, Bluetooth® became a popular feature on phones. After smartphones took off in 2007, it became a standard feature, and every year since, more uses between phones and other devices have been released.
Hacking into Bluetooth® began almost as soon as it became widely available on phones. Once consumers began using their phones for more financial exchanges and social media, hackers seized on the opportunity to exploit users’ lack of knowledge regarding security and Bluetooth® connections. Most phones activate the Bluetooth® feature at startup. The user has to purposely turn off the connection. However, few do, either because they are unaware or because they actually use features such as earpieces or car connections. When not using the devices, users leave their phones in discoverable mode.
As with Wi-Fi, hackers love sitting in public places scanning for phone signals. They set up shop in common, high-traffic (use) areas by sending an open Wi-Fi signal or intercepting Bluetooth® connections between phones and peripherals. Bluebugging is a term used to describe identity theft by hacking access to mobile commands on Bluetooth®-enabled devices that are in discoverable mode. Your phone is tricked into thinking that it is connected to the peripheral when it is actually connected to the hacker’s device. Once the connection is intercepted, the hacker can take control of the device and/or retrieve data.
In July 2015, hackers successfully hacked into the system of a Jeep Liberty, taking control of the vehicle’s comfort, operational, and safety systems, to include braking. This was done purposely to prove the vulnerability to automakers. But if one person figured it out, you can be sure there is a long line of others.
As of this writing, research revealed there was little data regarding the number of smartphones, or personal accounts used on smartphones, that are hacked. It is doubtful that the lack of data is due to a low occurrence; more likely it is due to a lack of realization, little reporting and/or little notice by the media. You may occasionally see a flip phone or non-smartphone, but these types of phones are becoming rare. Many carriers do not offer these types of phones. There are an estimated 183 million smartphone users in the U.S. alone, 2 billion worldwide. Next time you’re in public, take a moment to look around and let it sink in how many people around you have phones. It is probably safe to say everyone.
Just as your home computer became vulnerable in the 1990s, your phone is now the target. Only with your home computer, you almost have to invite the hacker in through malware or an ill-advised website visit. Your phone, on the other hand, is with you all the time, exposing its signals to the public wherever you go.
Most times you won’t even realize that your phone has been hacked. Not until strange social media posts surprise you or you notice withdrawals from your bank account. Your home computer will get a virus. Your email account will be hacked. Your credit card information will be stolen. And growing every year, someone will be kind enough to file your taxes for you, for the small fee of receiving your refund.
Eventually your phone will be hacked. The best you can do is try to limit your vulnerability by keeping the doors shut. Limit your public broadcasting of a Bluetooth® signal and your use of public Wi-Fi. Turn off your Bluetooth® when not needed. If you do use password-protected accounts through public connections, change your passwords after each use. Watch your data usage for spikes. Constantly check your financial accounts as part of your regular security routine.