FIRMS are leaving themselves wide open to fraud if they fail to protect their workers' mobile phones and other handheld devices, it is feared.
Fraudsters' methods include:
- Bluetooth pairing attacks - whereby an attacker gains full access to the memory content of a phone/laptop/PDA at the point of first communication, gaining the pin code and therefore becoming a trusted device;
- BlueSnarfing attacks - where the hacker gains access to the phonebook and calendar information and can divert calls to their own phone;
- BlueBug attacks - where the hacker has full access to the device and can initiate calls (such as premium rate phone calls) and text messages from the victim's phone.
Accountants Grant Thornton warn the risk is increasing dramatically as the demand for Bluetooth phones and other wireless devices increases.
Grant Thornton IT security manager John Dunne said: "Most devices have encryption settings but they can be easily cracked with tools and techniques that are readily available on the internet.
"The most worrying aspect of Bluetooth attacks is that you are not even aware that your device has been accessed illegally until it is too late and the information has been stolen.
"Businesses need to think very carefully about the information they store on a phone or PDA.
"If you were a business involved in mergers and acquisitions activity, the last thing you would want is someone finding out who you had been in contact with over the past few weeks.
"Take the example of Paris Hilton. Her mobile phone contents ended up on the internet after a bluesnarf attack on her phone."
Prevention was better than cure: "Disable the Bluetooth signal on your device when it is not in use," he advised.
Combating Bluetooth attacks
-
Disable the Bluetooth signal on your device once it has synchronised with its parent.
-
Limit how much sensitive data you store on the device.
-
If you must store sensitive data, then use codes and nicknames to make it anonymous.
-
Protect your device with additional encryption.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereComments are closed on this article