As mobile phones have evolved to resemble computers in the features and functions they offer, they have inherited the same problems we face on desktops and laptops. Smartphones, with options and operating systems much like those of computers, are also vulnerable to malicious applications and virus attacks, which often result in either device damage or identity theft. Such malware attacks can also allow attackers to fully control mobile devices and perform actions of their choosing. Here we discuss how a mobile phone can get a virus through a Bluetooth device, what the implications of such attacks can be, and how we can protect against them.
As reported by many media sources, the first virus that could spread via Bluetooth was created back in 2004. It was a benign worm called Cabir, written by 29a, a group of virus writers that specializes in proof-of-concept viruses; they made the first viruses for .NET and for Win64.
Cabir was transmitted via Bluetooth from the infected phone to the first device it found within range. It transmitted itself as an SIS (Symbian OS distribution) file that masqueraded as a Caribe Security Manager utility. If the worm was executed, the handset would display the inscription Caribe, and the worm would activate each time the phone was started. No other damage was caused by the virus.
However, as one source noted later, it was just a short step from proof of concept to being "in the wild," and sure enough a handful of cell-phone viruses have hit handsets since the first, "Cabir," arrived.
And of course Symbian-based smartphones were not the only devices that might get a virus. At the end of 2006 hackers managed to develop malware that could affect an ordinary mobile phone. The basis for the malicious applications was J2ME, a mobile version of Java. The virus appeared in some countries and could be transmitted through either a WAP site or Bluetooth. That Trojan worm masqueraded as a program for visiting WAP sites without paying for the traffic, while in fact it generated SMS messages sent to sites with paid content, thus drawing funds from the user's mobile phone for each transfer.
Eventually the world of mobile technologies adopted new terms related to malware transmitted via Bluetooth. Mobile devices became vulnerable to attacks like "bluejacking", "bluesnarfing" or even "bluebugging". Some of them were harmless while others were dangerous.
Bluejacking, also known as "bluespamming", is a technique used to send anonymous text messages to mobile users via Bluetooth, according to Ooi Szu-Khiam, senior security consultant at Symantec Singapore. "Phones that are Bluetooth-enabled can be tweaked to search for other handsets that will accept messages sent via Bluetooth."
"Despite the name, it doesn't hijack the phone or suck off the information. It simply presents a message, similar to e-mail spam. The recipient can ignore the unsolicited message, read it, respond or delete it," Ooi said. "While bluejacking can be an extremely annoying onslaught of unsolicited messages, it is generally a minimal security risk."
Bluesnarfing turned out to be a more dangerous threat. This technique allows hackers to access the data stored on a mobile device without the user being aware of it. Such applications exploit security flaws peculiar to older versions of Bluetooth-enabled handsets. Attackers can access and copy information on the device without the user's knowledge. Moreover, such malicious programs can connect to mobile devices even if users have configured their devices to be in "non-discovery" mode, where the device remains hidden when someone searches the vicinity for Bluetooth devices.
Thus, any valuable information on a mobile phone such as address books, calendars, email and text messages can be hit by a bluesnarfing attack.
Bluebugging is the most dangerous attack among these three. This technique is used by attackers to access mobile-phone commands using Bluetooth technology, without notifying or alerting the device owner.
"This vulnerability allows the hacker to initiate phone calls, send and receive text messages, read and write phonebook contacts, eavesdrop on phone conversations and connect to the Internet," Ooi explained. "As with all the attacks, the hacker must be within a 10-metre range of the [targeted] phone." Unlike bluesnarfing, which simply provides attackers access to personal information on the device, bluebugging allows the attacker to take control of a device, he said.
To protect your devices against possible attacks via Bluetooth, experts recommend equipping your cell phones with mobile security products that include antivirus, firewall, anti-SMS spam and data-encryption technologies and that are easy to deploy, manage and maintain. They also recommend following these four steps:
Turn off features that you are not using. If you have a Bluetooth-equipped device and do not need the function, then don't turn it on.
If you are using the Bluetooth function and don't require your device ID to be visible to others, make sure the device's visibility setting is set to "hidden" so malicious hackers will not be able to scan and search for it.
Do not accept and run attachments from unknown sources unless you are expecting them. For example, if you receive a message to install an application and you don't know its origin, don't run it.
Ideally, use passwords with a large number of digits. A four-digit PIN or password can be broken in less than a second, and a six-digit PIN in about 10 seconds, while a 10-digit PIN is likely to take weeks to crack.