1. Attachments are working again! Check out this thread for more details and to report any other bugs.

Bluetooth security?

Discussion in 'Fred's House of Pancakes' started by daniel, Nov 2, 2010.

  1. daniel

    daniel Cat Lovers Against the Bomb

    Joined:
    Feb 25, 2004
    14,487
    1,518
    0
    Location:
    Spokane, WA
    Vehicle:
    2004 Prius
    I have a low level of trust for all things wireless. I'd rather connect my peripherals via cables. But since the Magic Trackpad does not come in a wired version, and my arthritic thumb was making the trackball painful, I'm suddenly using bluetooth.

    My question: Now that I have Bluetooth turned on in the computer (an iMac running Snow Leopard) is there anything I need to know to prevent the Russian Mafia from driving by and insinuating themselves into my computer?
     
  2. dogfriend

    dogfriend Human - Animal Hybrid

    Joined:
    Feb 26, 2007
    7,512
    1,188
    0
    Location:
    Carmichael, CA
    Vehicle:
    2007 Prius
    The Russian mafia will need to get within about 30 ft (10m for Class 2 Bluetooth), so if you can keep them out of your house you will probably be ok.
     
  3. dogfriend

    dogfriend Human - Animal Hybrid

    Joined:
    Feb 26, 2007
    7,512
    1,188
    0
    Location:
    Carmichael, CA
    Vehicle:
    2007 Prius
    Also, If I Recall Correctly (IIRC), OS X will ask you before connecting to a Bluetooth device that it hasn't been paired with previously.
     
  4. qbee42

    qbee42 My other car is a boat

    Joined:
    Mar 2, 2006
    18,058
    3,075
    7
    Location:
    Northern Michigan
    Vehicle:
    2006 Prius
    Your PIN is key to this process. It controls both pairing and encryption. If you are worried about security, use a longer PIN.

    Tom
     
  5. daniel

    daniel Cat Lovers Against the Bomb

    Joined:
    Feb 25, 2004
    14,487
    1,518
    0
    Location:
    Spokane, WA
    Vehicle:
    2004 Prius
    Do you mean my admin password? I am not aware of a PIN. I looked at the Bluetooth and Security tabs and saw no mention of setting up a PIN other than my personal and admin passwords.

    I don't expect the Russians to park outside my house searching for ways into my computer, but if a virus gets hold of my neighbor's computer and instructs it to look for nearby networks to invade, could it latch onto my Bluetooth? I guess the fact that OS X would ask me for permission keeps me safe.

    I did uncheck "discoverable."
     
  6. eagle33199

    eagle33199 Platinum Member

    Joined:
    Mar 2, 2006
    5,122
    268
    0
    Location:
    Minnesota
    Vehicle:
    2015 Prius v wagon
    Model:
    Two
    You're perfectly fine with bluetooth enabled, daniel. As others have said, it has a pretty limited range, which really reduces the risk of anything happening. Further, in order for two devices to really communicate over bluetooth, they have to be paired. Pairing involves inputting a PIN (usually 4 digits) that's displayed on one device (or comes with the devices manual) into the other device, while the devices are discoverable.

    But just think about the point of most viruses. They're designed to spread and infect other computers as efficiently as possible, with the full knowledge that antivirus software will be updated within weeks (sometimes days) of the virus being released. When your talking globally, a virus can infect thousands of computers per minute using the internet and local networks. One person bringing an infected laptop in to work with them can spread the virus across thousands of computers at their company in minutes, without ever knowing.

    Now, think about bluetooth. If you want to spread the virus that way... you might get lucky and be able to spread it through a few rooms in an apartment building. Certainly at work most people don't use or need bluetooth, so it wouldn't really spread there. It wouldn't spread through the suburbs due to the distance between houses.

    So, writing a virus that spreads via bluetooth just isn't worthwhile. That's not to say it will never be done... but I'd be willing to bet there are at least 1000 network-based viruses created for every 1 bluetooth-based virus.

    It's the same argument for using Mac's. While their security is inherently better than Windows, it's not perfect and people could write viruses for them. The incentive to do that just isn't there though. Windows-based viruses are easier to write and have more chances for infection (given the number of Windows-based computers in the world).
     
  7. qbee42

    qbee42 My other car is a boat

    Joined:
    Mar 2, 2006
    18,058
    3,075
    7
    Location:
    Northern Michigan
    Vehicle:
    2006 Prius
    There is a PIN that is used to pair the devices. It controls both the pairing and the encryption of data packets. Some devices allow you to set the PIN, others just give it to you. If you can set it, use at least eight digits.

    Since you aren't worried about packet sniffing, the strength of encryption is not important to you. Mostly you need to keep an unwanted device from pairing with your system. The standard setup will keep that from happening. If you want to take it to another level, you can turn off discovery, which keeps your device from broadcasting its existence.

    Tom
     
  8. daniel

    daniel Cat Lovers Against the Bomb

    Joined:
    Feb 25, 2004
    14,487
    1,518
    0
    Location:
    Spokane, WA
    Vehicle:
    2004 Prius
    Okay. Sounds like I'm safe. I was never queried about a PIN, though. I turned on Bluetooth, turned on the track pad, the computer found the trackpad and I clicked on it. I don't remember if I had to enter my admin name and password. I had to enter those to install the driver software. The PIN was invisible to me.

    I did turn Discovery off.
     
  9. tleonhar

    tleonhar Senior Member

    Joined:
    May 8, 2005
    1,541
    34
    0
    Location:
    Belle Plaine, MN
    Vehicle:
    2006 Prius
    Model:
    N/A
    Even in the very unlikely event that someone gets in range of your bluetooth, with discovery turned off, it's almost impossible for anyone to tap into it.
     
  10. daniel

    daniel Cat Lovers Against the Bomb

    Joined:
    Feb 25, 2004
    14,487
    1,518
    0
    Location:
    Spokane, WA
    Vehicle:
    2004 Prius
    Good. Thanks. Anyway, I'm stuck with it if I don't want to go back to the trackball or a mouse, and my arthritic thumb has settled that point.
     
  11. davesrose

    davesrose Active Member

    Joined:
    Aug 27, 2010
    767
    164
    0
    Location:
    Atlanta
    Vehicle:
    2010 Prius
    Model:
    IV
    I was assigned a passcode with my Prius when I tried syncing my BT phone with it. That's the only time I've incountered a BT device needing a pin. When I sync the phone with my laptop (with BT), it automatically connects. Either way, I think it's pretty minimal that the Russian mafia or any lookie loo neighbors will be able to hack anything. The only time you might have real sensitive information is if you're keying in a credit card...with that, I'm sure on my own wireless router using my own encryption. If I'm ever in a hotel or public wifi spot, I might check e-mail, but I never give out my credit card.
     
  12. daniel

    daniel Cat Lovers Against the Bomb

    Joined:
    Feb 25, 2004
    14,487
    1,518
    0
    Location:
    Spokane, WA
    Vehicle:
    2004 Prius
    Thanks, Dave, Since this is a track pad, I'll never be keying in anything with it. It just moves the cursor, scrolls, clicks, stuff like that. My concern wasn't someone listening in to the pad, it was whether having Bluetooth turned on could in itself be an entry point if my neighbor's lack of security on her Windows PC allowed it to be taken over by a virus. The consensus her seems to be that it could not.

    I never send credit card info, or log into financial web sites, from public computers, though I sometimes check my email. I do on rare occasions log into my bank while traveling, at a public wi-fi spot, but I assume that the encryption at my computer (the iTouch these days, running Safari) keeps me safe.