User:Erin Watson

My name's Erin and I live in Brisbane.

I am studying a bachelor of Creative Industries at QUT.

Through this course I am focussing on three main areas. I study two sub- majors and a minor. These are Digital Media, Visual Arts and Communication Design (in respective order.)

After I finish university at the end of 2005 I hope to go overseas to live and experience the world in a strange and foreign culture. I think it will be a great learning experience for me.

Contents 1 Family 1.1 Mum 1.2 Dad 1.2.1 Thea 1.2.2 McLean 2 BLUETOOTH TECHNOLOGIES AND THE SECURITY AND PRIVACY IMPLICATIONS OF THEM.

Family

Mum

Dad

Thea

McLean

The Hot Hits

User:Chris Paine

User: Ryan Lee

Main Page

Mail To Erin Watson

hello

ISBN 0195508599

Erin Watson 13:33, 26 Jul 2004 (EST)</nowiki>

I have an idea for my research project. I have decided to do Bluetooth wireless technologies and their uses in societies and privacy issues associated with it. Here are my pages to start with

My backup plan is to do blogging, and whether people use them as a personal emotional vent or for the hope that the wider community will read them.

Bibliography

Annotation

Erin Watson 08:10, 27 Jul 2004 (EST)

Annotated Bibliography- due Friday August 13 2004

BLUETOOTH TECHNOLOGIES AND THE SECURITY AND PRIVACY IMPLICATIONS OF THEM.

Siep, T. (2001) An IEEE Guide: How to Find What You Need in the Bluetooth TM Spec, New York: The Institute of Electrical and Electronics Engineers, Inc., ISBN 0738126357

Chapter two of Siep’s book discusses in accurate detail the general technology of Bluetooth wireless technologies, their uses and future potentials. It provides the reader with an insight into the technology and the advantage that wireless technologies like Bluetooth possess in being a replacement for cables. He examines its future uses as an all-round communication device capable of operations from accessing the Internet to turning lights on in a house before the owner arrives home. He states that this has both good and bad aspects, especially with reference to the office, in that a person will be closer, and for longer periods of time, connected to their peers, workmates and family. This relates to my subject area of security and privacy, where people could be constantly monitored and their personal information stolen without them ever knowing.

Siep observes that Bluetooth, being powered by a very low power radio device, has the possibility of being utilised on airplanes. He notes that other radio devices such as mobile phones and wireless mice are easily identifiable if in use on an airplane, but Bluetooth devices are not, as the power is lower and will not interfere with the airplane’s navigational and other systems. Whilst it is possible to use Bluetooth on planes, the potential for problems caused by security and privacy is great. The rate that the technology is being developed means that programs can be created that will allow a user to disrupt a plane’s system by simply increasing the power output.

Bakker, D.M. and Gilster, D. (2002) Bluetooth End-to-End, New York: Hungry Minds Inc. ISBN 0764548875

Bakker and Gilster go into a lot of detail about the security systems of Bluetooth in their book, in particular in chapter seventeen. They discuss the three levels of security that the user has the choice of, as well as discuss the security system’s strong points as being flexible and usable. Also mentioned are the system’s weak points. The use of PINs by Bluetooth users creates possible problems in that they are transmitted over the air and usually stored in the phone’s memory. The use of a link key enables users to hack into another’s conversations, and because each Bluetooth device has its very own unique address, it can be discovered, and the person “traced, activities can be monitored, and the device address stolen.� [p.255]

Other ways in which the Bluetooth security system can be compromised includes users trying to block the network and stop the flow of information from being transmitted. Bakker and Gilster also mention that the Bluetooth system relies on battery power, thus creating the potential of hackers “increase[ing] the power consumption in a unit, and thus prematurely drain[ing] battery life.� [p.255] These kinds of security and privacy problems are directly relevant to my area of study about Bluetooth security and its effect on the legitimate users of Bluetooth technologies, especially in relation to a person’s privacy rights.

Lightman, A. (2002) Brave New Unwired World: The Digital Big Bang and the Infinite Internet, New York: John Wiley and Sons, Inc. ISBN 0471441104

In chapter sixteen of Lightman’s book, he discusses general details of Bluetooth technologies and their uses. Also provided is a brief history of the Bluetooth Special Interest Group (SIG) and how over two thousand companies now participate in its activities and the continuing development of the software. He mentions the market for Bluetooth as being “huge,� [p.201] and five billion dollars worth of sales is expected by 2005. The kinds of applications that will utilise the software are going to expand into areas such as “automotive, medical, industrial equipment, output equipment, digital- still cameras, computers, and communications systems;� [p.201] that is, any industry that will benefit from the replacement of cables. This is interesting and relevant to my discussion area because this means that as more and more people and companies utilise the software, the more issues with security and privacy the communications tool is going to have, and the faster they will have to repair them. Lightman mentions also that over one hundred and forty Bluetooth “qualified products� by mid-2001 had been noted on the SIG website. [p.201]

Tranter, W., Woerner, B., Reed, J., Rappaport, T. and Robert, M. (eds) (2001) Wireless Personal Communications: Bluetooth Tutorial and Other Technologies, Massachusetts: Kluwer Academic Publishers. ISBN 079237214X

Tranter et al. discuss a broader application of Bluetooth technologies, from general topics to security issues. The key word that comes up in their discussion is “limitless;� an appropriate word for both the Bluetooth technology itself and the security issues that go with it. The Bluetooth applications that they mention are: “the three-in-one phone,� “the Internet Bridge,� “the interactive conference,� “a Bluetooth-enabled headset� and “an automatic synchroniser.� [p.264] Each of these communications involves the connection via Bluetooth of varying devices and sharing of information or communicating, which is what creates the problems with hacking and people trying to steal personal data to use for their own purposes.

The authors also discuss the fact that although Bluetooth technologies are low power, they have the potential to cause “significant disturbance.� [p.264] However, they say that this theory is based on “assumptions� and “the gravity of this problem cannot be determined until these systems see wide- scale deployment in a real- world environment,� [p.264] which is true, however, there will be a major recall if the products’ security systems are found to be unsatisfactory and dangerous.

Zetter, K. (2004) ‘Security Cavities Ail Bluetooth,’ Wired Magazine, [Online]. Available: http://www.wired.com/news/privacy/0,1848,64463,00.html?tw=wn_1polihead [2004,August,9]

Zetter’s article describes the flaws found in the Bluetooth software, and the ramifications of these. Security experts carried out tests on the software, creating programs called “Bluesnarf� and “Bluebug� that enable the user to enter a victim’s phone and steal personal information, dates and telephone numbers. Their separate findings conclude that even though the attack possibility is small, due to the fact that the attacker needs to be in close range and would have little time to gain the information they wanted, it is probable and possible that people will use the programs or ideas to their advantage. Both of these attacks can be carried out without the victim having any idea that it was happening.

The author mentions that the take- up in popularity of Bluetooth- enabled devices is ensuring that at least two million are being bought each week. According to the author, fifty- three per cent of mobile phones worldwide and sixty-five per cent in the USA will have Bluetooth capabilities by 2008. Therefore, security problems within Bluetooth will have serious and far- reaching effects because of this surge in popularity. These topics relate directly to my subject area of Bluetooth security and privacy, showing that although the technology is advanced and very user- friendly, people will not buy them if they think they are unsecure or hazardous on any level. The fact that the author mentions in his article that Bluetooth may in the near future be used for medicinal and home security purposes shows the importance of ensuring the security and privacy problem is fixed as soon as possible. [p.2]

Collins, G. (2003) ‘Bluetooth Security,’ Byte.com [Online]. Available: http://search.epnet.com.gateway.library.qut.edu.au/direct.asp?an=9838467&db=afh [2004,August,3].

Collins’ article describes the consequences of owning and operating a Bluetooth device, which, although it has all the advantages of a wireless network, seems to forfeit security features first. [p.1] Many people these days own, or are buying, a mobile phone. Some of these people will buy a phone with Bluetooth software embedded in it and never realise it, which can cause serious security problems if they have the device turned on and are receiving unsolicited messages without the owner ever knowing. The author mentions the three security levels of Bluetooth, and what attackers can do if their security is not taken care of. These can include such things as: tracking down the owner, listening in on conversations, obtaining messages and contact lists, or even writing and installing worms that spread like wildfire and are almost impossible to stop. [p.2] Collins’ expresses that the worm is probably worst- case scenario, where an infected phone working in a central business district could pass the worm unknowingly to thousands of other phones in mere hours, or it could make so many unwanted calls that they clog a network. [p.2]

These types of problems relate to my subject area of Bluetooth security in that they are a broad examination of the possible and foreseeable problems that face Bluetooth owners in the near future. In affecting security, they are also affecting a person’s privacy rights through unsolicited entry to a person’s confidential details often stored on their phone or PDAs. These kinds of security and privacy concerns need to be dealt with by the producers of the software before they stop consumers buying them.

Brewin, B. (2004) ‘Security Threats Raise Concern About Bluetooth,’ Computerworld, [Online], vol.38, iss.19,pp, 1-2. Available: http://proquest.umi.com.gateway.library.qut.edu.au/pqdweb?index=9&did=000000636770731&SrchMode=1&sid=1&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1091677090&clientId=14394 [2004,August,3]

Brewin’s article reports the news that security flaws had been found in Bluetooth devices after researchers devised programs that could hack into the system and cause serious trouble. The author explains ‘Bluejacking,’ a less dangerous form of security failure in the Bluetooth devices, as “an annoyance� that can be combated by not using the ‘find-me’ feature of the mobile phone. [p.1] Brewin talks about the use of Bluetooth- enabled devices within the workplace as being a bigger problem because individuals can buy their own apparatus and are therefore “harder to manage� than business- owned hardware and software. [p.1]

Brewin also notes the fact that laptops and PCs have a wider- reaching range in terms of metres for transmitting and picking up radio signals via Bluetooth. A typical Bluetooth- enabled mobile phone can reach a distance of about ten metres, but laptops and PCs can reach to ten times that, to about one hundred metres. This makes them even more susceptible to attacks as the attacker doesn’t need to be in close proximity to the victim. [p.1] This relates to my topic area as it extends the boundaries of Bluetooth security and privacy issues beyond mobile phones and to computers as well. This shows that the issue of Bluetooth security will affect more people than was first thought.

Wagstaff, J. (2004) ‘Bluetooth May Put You at Risk of Getting “Snarfed�,’ Wall Street Journal, [Online]. http://proquest.umi.com.gateway.library.qut.edu.au/pqdweb?index=14&did=000000617920081&SrchMode=1&sid=1&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1091677090&clientId=14394 Available: [2004,August,3]

Wagstaff’s article looks at the details of the attack on Bluetooth- enabled phones known as ‘Bluesnarfing.’ The idea behind Bluetooth is that it is eventually going to do away with cables and their inconveniences. The article notes that while there have been no specific attacks recorded, there is always the possibility that one will occur, and as time goes on, the possibility turns into a probability. In this article it is advised that owners of Bluetooth- enabled phones and other devices do not set them to discoverable, although in some cases this needn’t even happen. There is software available freely on the Internet that allows a person to hack into another’s phone without Bluetooth even being on, as well as allow them to fiddle with personal data. The most important advice that the article gives is to not leave any information on your phone that you wouldn’t want the world to see. [p.1]

“Bluesnarfing� is one of the more serious issues related to Bluetooth security, and relates to my subject area in that it presents a whole separate sub- topic discussion region. I found it particularly interesting that even celebrities could become victims, especially with the media wanting their attention so much that they would do anything for extra information about them.

Cox, J. (2004) ‘Bluetooth’s sprawl heightens security concerns,’ Network World, [Online] vol. 21, iss. 20, p.8. Available: http://proquest.umi.com.gateway.library.qut.edu.au/pqdweb?index=7&did=000000639982181&SrchMode=1&sid=1&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1091677090&clientId=14394 [2004, August, 3]

Cox’s article reports the security issues associated with the widening spread of Bluetooth- enabled devices. The problems, such as ‘Bluesnarfing’ and ‘Bluejacking’ were described by the Bluetooth Special Interest Group as “trivial.� They were noted as saying that if the users knew how to use their devices properly then the risk of being attacked was reduced significantly. The group also stated that Bluetooth was designed with security at the forefront of production; the security features include “authentication, 128-bit encryption and additional higher-level security protocols that can run over the connection.� [p.1]

The author describes ‘pairing,’ the process of two machines remembering and storing each other’s information, as something that should be done in private and secure places where the risk of intrusion is minimal. The article tells of new programs that have been developed to combat hackers, such as “Bluesniff� and “Bluewatch� [p.1] that can monitor Bluetooth devices, especially in corporate environments. In relation to my topic area, the development of new programs to counter the ones developed by hackers and researchers provides another area of research and study as the war for a secure Bluetooth device is fought.

Mail To Erin Watson

Erin Watson 16:21, 12 Aug 2004 (EST)