Bluetooth security and advertising

I was watching BBC’s Click program today which had an piece on how technology was being used in advertising to make billboards stand out [1]. The bit that got my interest was using bluetooth to connect to passing mobiles, this interview sums it up well. If the bluetooth UID of a mobile phone can be picked up by a poster as you walk past, and all these posters are networked together then how long before the information is sold to tracking agencies?

We already have mobile phone tracking sites that allow you to find out where in the country a phone is logged on (to quite a good resolution too). While most of these sites require some form of authentication with the phone for public use the information is obviously there to phone company employees and the people behind these sites, who knows who has access to this info.

The other security concern is the vulnerabilities of the phones, apparently with Coldplays latest album, posters in London were offering to upload a free mp3 track from the album to bluetooth phones passing by. Nearly all first generation phones that support bluetooth are hackable with new vulnerabilities being discovered on phones all the time. Bluetooth can already be used to control a vulnerable phone, for example to make it call a premium rate number without the owner knowing. If I were to use Internet Explorer as a browser I could pick up spyware just by visiting a webpage, now people will be infecting their phones by playing affected MP3’s that they have downloaded for free from rogue posters. Neither of these techniques are new but in this ever mobile age the transport methods are changing and the speed these changes are implemented are getting faster.

Leave a Reply

Your email address will not be published.