Bluejacking and bluesnarfing
One of the exciting new additions to the world of cellular devices is Bluetooth. Bluetooth-enabled devices allow all sorts of interesting communications, including connections to laptops, to wireless headsets, to car hands-free kits, to local devices which will send you sales messages, and even to devices to allow you to make purchases.
The less exciting news is that in November 2003, Adam Laurie of A.L. Digital Ltd. discovered flaws in the authentication / data transfer mechanisms on some Bluetooth-enabled devices. At the moment some Nokia and Sony Ericsson devices have the theoretical potential to cause you some problems. (We are given to understand that Sony Ericsson has made an effort to fix the problem, and that Nokia said the problem is not serious enough to warrant repairing.)
Bluejacking (originally a way to send messages to another handset based on “discovering” their Bluetooth device, including messages which will re-set certain devices) and bluesnarfing allow hackers to download text messages, phone lists. Bluesnarfing also allows remotely tampering with handsets to enable them to be used as listening devices. This means that someone could, without your knowledge, download all the information on your handset. And they could in essence make a silent call to them, and listen in on whatever is being said.
In addition, there are companies that offer services which allow you to track specific handsets. This is generally done to track sales people, and for other similar, legitimate reasons. But with some handsets, an unscrupulous hacker can use Bluetooth to surreptitiously insert the activation code, and be able to track the handset 24 hours a day, without the owner of the handset being aware it is being tracked.
How serious is this? Well, if you don’t care about sharing your information, it isn’t serious at all. If sharing your information, or being listened-in on, or being tracked would present a problem, then it is at least a concern.
How do you deal with this? If you have a Bluetooth device, keep it in hidden (not visible or discoverable) mode. Even better, turn off Bluetooth if you don’t actually use the feature.
5. Real Stories from the Field — Competing with ourselves
We work largely in areas where we have relatively little competition. If you need financial investigations or due diligence in China, or Central and Eastern Europe, or Central Asia, there are not a lot of players. And if someone has stolen $200 million from you, there are not a lot of people to call on to try to get it back. And you can count on very few fingers of your hand the number of service providers who have even heard the term OPSEC! We can generally tell that the field is small because other firms will occasionally sell a job in competition with us, and then subcontract the work to us.
However, we have never thought of ourselves as being totally unique in the small world of high-risk protective services. There are, in fact, a number of very good companies in this specialized field – though for certain tasks, like bringing a few hundred million dollars worth of uncut diamonds out of Africa, we think we are the best in the business.
Because of this, we were surprised to find that we have now started competing with ourselves in providing protective services in Colombia. We are not sure why there is a sudden influx of protective service offerings in Colombia, but we are delighted that, even if we lose in our bid to provide you services while you’re there, we are likely to still have the opportunity to get you safely in and out.