I am new to the world of Bluetooth so please excuse my ignorance regarding this issue. I recently ordered my first Bluetooth device (gps) and after reading this article I have some concerns about security of my personal data. I would appreciate any comments regarding the accuracy, or lack there of, of this article.

Yahoo News Article (http://story.news.yahoo.com/news?tmpl=story&cid=1739&e=5&u=/ttzd/148746)

Well, you have security on all bluetooth devices. Are you talking about a Bluetooth GPS recciever? If so, I'm not sure that personal data is stored onthat, but rather the pocket pc itself. I might be mistaken on that. But also, bluetooth is still quite scarce. I'm at college right now, and sometimes in large lecture halls or largely crowded areas, I'll turn on my bluetooth and search around to see if anyone else is using a bluetooth device, and only in one instance did I find a bluetooth phone, and it was locked (not that I was going to do anything bad to it anway :D ) but as long as you keep good security, you should be fine. And since I would assume you'll mostly be using the GPS in your car, I wouldn't think it would be very easy for someone outside your car to connect to your device, seeing as you'll be moving. Well, I hope that helped, good luck!

That article is pretty accurate. Its not however bluetooth itself which has weaknesses, but the various implementations e.g. the way Nokia wrote the software to implement the protocol, or the way Sony-Ericcson did it. As awareness of the problem grew the newer phones are much more robust and secure.

Attacks usually have to be quite platform specific, e.g. not bluetooth attacks, but bluetooth on the Nokia from two years ago. In the end it depends if your platform is a target for hackers or not. Fortunately or unfortunately there is 10 times more bluetooth phones than bluetooth PDA's, and most people keep bluetooth off on their PDA's (due to battery considerations) whereas most people keep bluetooth on on their phones (for use with headsets or handfree units). This means no one has tested microsoft or widdcomm's implementation of bluetooth, although if they were under the attention of hackers they would likely find a few holes.

The short version then is that bluetooth is a potential attack vector, but no one has tried to attack pocketpc's yet using it, and as long as you keep up to date with the news you wont have to worry until some-one actually does.

Here is a list of the phones found vulnerable in some way or another. Note no PDA phones or PDA's included there.

Vulnerability Matrix (* = NOT Vulnerable)
http://www.thebunker.net/security/bluetooth.htm

Ericsson T68
Sony Ericsson R520m
Sony Ericsson T68i
Sony Ericsson T610
Sony Ericsson T610
Sony Ericsson Z1010
Sony Ericsson Z600
Nokia 6310
Nokia 6310i
Nokia 7650
Nokia 8910
Nokia 8910i
* Siemens S55
* Siemens SX1
Motorola V600 (++)
Motorola V80 (++)

Surur

Thank you for the information. Since I will have my Bluetooth enabled for the first time soon, I just wanted to make sure that I wasn’t opening my pocketpc to the world. I keep all my really important data in ewallet, but I would still hate to give all my contacts to anyone with a Bluetooth enabled device.

Thanks again for taking the time to help out a Bluetooth newbie :wink: