Bluetooth mobile phone security/spam - how many people remain discoverable?

A UK nightclub made the morning news today as they are about to start broadcasting sexual advice messages via Bluetooth. Their stated aim is to remind drunken clubbers that they should keep safe if they go off piste - in principle this sounds like a good idea to me, though it could become somewhat irritating for regular visitors.

I'm not an expert in Bluetooth technologies but presumably any target phones would have to be in "Bluetooth discoverable mode" to receive the messages - that is, unless vulnerabilities are being exploited, which seems unlikely in this case as the club are acting in good faith. I wonder how many consumers leave their phone in this state? It seems pretty common to me.

As more and more personal information finds its way onto mobile phones the likelihood of attack increases. A large number of mobile phones have flawed Bluetooth implementations that leave them open to data theft, privacy invasion and illicit account charges.

Turning the Bluetooth stack off altogether when you're not actually using it is the best defence. Only having your phone in "discoverable mode" when you want to advertise its presence to another device is good practice too. There's no need to set your phone to "discoverable mode" when pairing a headset with it - you need the headset to advertise its presence, not the other way around. If you want to exchange data with another phone or device (such as a PC) via Bluetooth then you'll need to become discoverable to set up the initial connection.

It's a shame that software and hardware vendors (including Microsoft) don't make it easier for consumers to protect themselves from Bluetooth exploitation. Turning Bluetooth on, off and enabling/disabling "discovery mode" is rarely trivial - it's normally buried within a menu system somewhere. Personally I'd like a hardware switch on every (Bluetooth-enabled) mobile phone to make it easy to switch modes and a visible reminder in the packaging explaining in simple terms how to stay safe.

Comments

  • Anonymous
    January 01, 2003
    Adam> that's exactly how I took what I heard :-)
    Nik> Good suggestions - how to make them happen...?

  • Anonymous
    August 09, 2007
    At Manchester airport recently I noticed several stand-up hoarding type things around the concourse which offered to tell people about the goods and services they could get - via Bluetooth. In smaller print, which you had to walk nearer to read, there was a very short bit of information about how to make your phone discoverable. There was no obvious information about why you might not want to do this nor a reminder to make sure you turned it off afterwards. So my brain filtered this to read "please lower your built-in security so that we can send you spam information about things you don't need which we otherwise would be unable to advertise to you in a targeted fashion". No thanks.

  • Anonymous
    August 09, 2007
    Most laptops have a "wifi/Bluetooth" on/off switch but you never see it on a phone. Even a shortcut would be nice (e.g. on my Nokia holding down the # key for a few seconds switches between normal and silent mode). Another good option would be to default to making the phone discoverable only for a short period, e.g. a few minutes. This would reduce the risk of people leaving it on by accident after pairing devices.