06-21-2006, 09:30 PM
|
Magi
Join Date: Feb 2002
Posts: 2,386
|
|
Bluetooth-Powered Location-Based Advertising -- Courtesy of Land Rover
"Land Rover was able to start transferring data to my phone without my explicit permission because I'd left it on the "Discoverable" setting, meaning that other nearby Bluetooth devices were able to detect its presence. I guess I'd been lulled into not looking at this as a security issue because hookups of two Bluetooth devices normally require a pairing process that requires human intervention, even though I know of the hackish prank known as Bluejacking. But it hadn't dawned on me that a discoverable phone could be discovered by an advertising broadcast."
You may recall a post from about a month ago titled Location-based Advertisements Sent to Your Cellphone?. It referenced a French advertising company looking to push ads to your phone via Bluetooth. Personally, many of us were not amused by this concept, but I did took solace in the idea that I probably won't have to deal with this anytime in the immediate future. I guess that lasted all of about five weeks!
The good news is that you can avoid this headache by making your phone undiscoverable... and note, this article is proof-positive that your phone does not require human intervention to accept incoming transmissions from an unknown source (helps highlight the concerns raised last week regarding Bluetooth security flaws). Moral of the story? Make those phones of yours undiscoverable (and please remove any thoughts of providing "GTA" treatment to any Land Rover exec you may run into in the future)!!
|
|
|
|
|
06-21-2006, 11:58 PM
|
Philosopher
Join Date: Aug 2006
Posts: 578
|
|
What is "GTA treatment"?
|
|
|
|
|
06-22-2006, 12:02 AM
|
Editor Emeritus
Join Date: Aug 2006
Posts: 15,171
|
|
Quote:
Originally Posted by bbarker
What is "GTA treatment"?
|
Grand Theft Auto, most likely.
--janak
|
|
|
|
|
06-22-2006, 01:16 AM
|
Magi
Join Date: Feb 2002
Posts: 2,386
|
|
Sorry about that. GTA = Grand Theft Auto... the highly controversial and popular video game franchise. The methods of negotiations in those games tend not to involve a lot of actual conversation.
|
|
|
|
|
06-22-2006, 05:47 AM
|
Intellectual
Join Date: Dec 2005
Posts: 172
|
|
Quote:
Originally Posted by Ekkie Tepsupornchai
Sorry about that. GTA = Grand Theft Auto... the highly controversial and popular video game franchise. The methods of negotiations in those games tend not to involve a lot of actual conversation.
|
Translation: It involves beating, shooting, and generally messing people up.
:twisted:
|
|
|
|
|
06-22-2006, 04:23 PM
|
Intellectual
Join Date: Nov 2002
Posts: 238
|
|
Isn't this in violation of the Patriot Act. You know the part where they can arrest a guy sitting in his car because he accessed someone's open WiFi network. Bluetooth is a network connection too. So, Land Rover should be taken to task for attacking your network.
__________________
Bill B
Zune Tag - therealstlbud
|
|
|
|
|
06-22-2006, 05:34 PM
|
Magi
Join Date: Feb 2002
Posts: 2,386
|
|
Quote:
Originally Posted by stlbud
Isn't this in violation of the Patriot Act. You know the part where they can arrest a guy sitting in his car because he accessed someone's open WiFi network. Bluetooth is a network connection too. So, Land Rover should be taken to task for attacking your network.
|
Interesting question. My uneducated guess here is that someone who steals WiFi bandwidth is generally stealing something that you pay a service charge for (high-speed internet access)... of course, the service provider will typically be upset by this prospect as well.
In this case, a Bluetooth message is a direct peer-to-peer connection that doesn't play to the same concept of "stealing" as with the WiFi example.
|
|
|
|
|
06-22-2006, 05:55 PM
|
Pupil
Join Date: Aug 2006
Posts: 24
|
|
The problem is many people dont have a clue what bluetooth is, and in some phones it's on discoverable mode by default. The first thing i do when i buy a new phone or PDA is to check the bluetooth configuration. I think the cell phone makers and operators should sell their devices with the discoverable mode off. Just my 2 cents...
|
|
|
|
|
06-22-2006, 07:19 PM
|
Thinker
Join Date: Aug 2006
Posts: 444
|
|
Quote:
Originally Posted by Ekkie Tepsupornchai
Quote:
Originally Posted by stlbud
Isn't this in violation of the Patriot Act. You know the part where they can arrest a guy sitting in his car because he accessed someone's open WiFi network. Bluetooth is a network connection too. So, Land Rover should be taken to task for attacking your network.
|
Interesting question. My uneducated guess here is that someone who steals WiFi bandwidth is generally stealing something that you pay a service charge for (high-speed internet access)... of course, the service provider will typically be upset by this prospect as well.
In this case, a Bluetooth message is a direct peer-to-peer connection that doesn't play to the same concept of "stealing" as with the WiFi example.
|
Getting of topic here but isn't the Patriot Act more about security then money?
Also, according to this article posted on PPCT here, accessing an open network without the networks owners knowledge is illegal in Florida. I do not know if there are similar laws in other states.
I don't think that this falls under the Patriot Act at all.
Now, back to the show...
This type of location based service to me is little more than telemarketing and a similar annoyance. Unlike typical telemarketing, it is easier to avoid getting a bluetooth message on your handheld than it is to prevent unsolicited phone calls.
|
|
|
|
|
06-23-2006, 12:36 AM
|
Magi
Join Date: Feb 2002
Posts: 2,386
|
|
Quote:
Originally Posted by Mark Kenepp
Getting of topic here but isn't the Patriot Act more about security then money?
|
I believe you're right... I was thinking about that exact Florida example and the legality / illegality of using someone's WiFi connection... I didn't put two-and-two together on the Patriot Act reference.
Quote:
Originally Posted by Mark Kenepp
Also, according to this article posted on PPCT here, accessing an open network without the networks owners knowledge is illegal in Florida. I do not know if there are similar laws in other states.
|
That's my point... I'm not sure if this is the same as sending a peer-to-peer message to a phone. This is where I was thinking more in terms of the "stealing a service that is paid for by someone else"... it's a different paradigm between the WiFi and BT example.
|
|
|
|
|
|
|
|