Bluetooth technology is one of the latest, and some say greatest, advances in wireless technology. An open-platform, short-range wireless specification for connecting electronic devices such as mobile phones, PDAs, laptops, and so on, Bluetooth has been gaining widespread acceptance in the market, with heavy-hitting companies such as IBM, Intel, Nokia, Motorola, and Sony Ericsson actively supporting, developing, and using the technology. Currently more than three million units equipped with Bluetooth technology are shipping a week, according to IMS Research.
One of the purported advantages of Bluetooth over other wireless technologies is that Bluetooth-enabled devices do not require significant user input in order to make connections. Generally speaking, compatible Bluetooth devices in discoverable or visible mode can find and communicate with each other on their own, as long as they are within range of one another (approximately 30 feet, according to Bluetooth specifications).
This, say some security experts, is exactly what makes Bluetooth vulnerable to attack.
In November 2003 A.L. Digital Ltd, a security and networking firm in London, released a statement regarding Bluetooth security flaws discovered in a number of mobile phone models using Bluetooth technology, notably phones manufactured by Sony Ericsson and Nokia. These flaws, reported Adam Laurie, the firm's chief security officer, could allow mobile phone attackers to remotely access contact lists, download calendar information, read instant messages sent and received through the attacked phone, or even use the hacked phone to make calls and send messages.
Laurie and German security professional Martin Herfurt demonstrated the hacking potential in July at the Black Hat and Defcon 12 security and hacker conferences held in Las Vegas. Laurie used a laptop with modified Bluetooth settings and a program he designed called Bluesnarf to demonstrate data collection attacks. Herfurt developed his own program, called Bluebug, which can turn some phones into a bug that will transmit conversations taking place near the compromised phone to the attacker's own mobile phone.
Another experiment that took place during the conferences was the use of the BlueSniper rifle. Equipped with a vision scope and a yagi antenna, and connected to a Bluetooth-enabled laptop or PDA, the BlueSniper was created by John Hering of Flexilis, a wireless research and development firm.
Hering and his colleagues reported being able to use the BlueSniper rifle to scan phone book data from 300 Bluetooth devices by aiming the device at the taxi stand across the street from their hotel, significantly farther away than the 30-foot range Bluetooth is supposed to be limited to. They later conducted another experiment and successfully scanned a phone more than a mile away.
In an interview with Wired magazine in August, Laurie indicated that Nokia car phones are particularly vulnerable to attack, since those phones do not allow users to switch to a hidden mode or to turn off Bluetooth, options that are available to other mobile phones and that phone manufacturers maintain are the best way to avoid possible attacks.
Laurie, Herfurt, Hering, and others involved in these hack attack demonstrations maintain that they only conduct actual attacks (downloading information, bugging phones) on their own phone equipment and that their purpose is to demonstrate these vulnerabilities to the public and device manufacturers so that improvements can be made and the security holes closed.
These security issues are alarming, particularly given the percentage of mobile phones that are using Bluetooth technology: 13 percent of the phones shipped in the United States this year, which should grow to about 65 percent by 2008, according to IDC Research.
But realistically the average mobile phone user probably does not have to worry too much about hackers taking over their phones for nefarious purposes. A May 2004 statement from Bluetooth SIG, the membership-based group that is responsible for Bluetooth specifications and for driving the development of the technology, says, in part:
"The extensive security measures that are inherent to the Bluetooth specification are more than adequate to protect consumers and their data for daily personal and professional use.
"Only determined and highly skilled professionals with criminal intentions, using a plethora of state-of-the-art illicit software and equipment could be able to take advantage of some less thorough uses and implementations."
Still, it's better to be safe than sorry. Bluetooth SIG recommends that users protect their Bluetooth-enabled mobile phones by pairing with other phones only in a safe and trusted environment, using a non-obvious pairing code of 8 digits or longer (codes such as 00000000 or 12345678 would be easy for a potential attacker to figure out), and disabling the discoverability feature after the pairing is complete. In addition, users should give their Bluetooth devices a name that is innocuous, a name that does not give away the type of device or gender of the person using it.