- Wonderful Weather, Terrible Trouble
- Exploiting Bluetooth
- Cabir
- More To Come...
Exploiting Bluetooth
While a virus can be written for a single, unconnected device, such a program will have a very short life. To keep the virus alive, it must be able to spread from one device to another. This part of the virus process is called the infector or infection vector.
While infectors have evolved over the years, the most common infector is via email. Once infected, a virus either uses its own email engine or borrows the victim's email program to send out copies of the virus to email addresses found on the victim's system. Other infectors include floppy disks and pirated software. New infectors are very rare simply because of the limited number of new methods of communication.
In 1999, a new protocol was designed, developed, and implemented into numerous mobile devices. Known as Bluetooth, the wireless communications protocol was built to facilitate the transmission of information within a relatively small range (about 10 meters). Operating in the 2.45 GHz range, Bluetooth uses spread-spectrum frequency hopping (1600 hops/s) to reduce the risk of interference between one Bluetooth device and another. Because the frequency changes 1600 times per second, it's very unlikely that two devices in the same area will conflict with each other.
What makes Bluetooth really useful is that it automatically handles the connection process between two devices. By scanning the surrounding area for other Bluetooth devices, and by setting up a connection between discovered devices, a piconet is created. This piconet spreads from device to device, thus creating a self-maintaining web of connected devices. While this concept is great for those who are honest, in the last couple of years several vulnerabilities have been found within the protocol that make it possible to extract information from users, send users unsolicited messages, and perform other miscellaneous attacks. However, until now these attacks have been used only in labs or to send unsolicited messages to other Bluetooth devices, a practice known as toothing.