When you contemplate the possibilities, the concept of Cabir gets pretty scary. The number of computer users who are already targets of virus infections pales in comparison to the number of mobile phone users out there. And the threat is compounded by the fact that its not the first proof-of-concept of Bluetooth vulnerabilities weve seen. There were bluesnarfing and bluebugging, in which it was shown that hackers could anonymously gain access to a Bluetooth device.(A detailed description of these and other possible attacks can be found here.) And if you think these holes might affect only kids and gamers who exchange files, ask yourself whether the Java applets used to facilitate enterprise data exchanges can really remain immune. They are, after all, executables. According to Bruce Schneier, founder and chief technology officer of Counterpane Internet Security, in Mountain View, Calif., they wont always be safe. Schneier, the author of "Applied Cryptography," has been predicting this day for nearly three years now. In 2001, he took one look at Bluetooth and the over-the-air peer networks it enables and declared it "an eavesdroppers dream." He cautioned it should be treated as "a broadcast protocol, because thats what it is." After news of Cabir broke, I caught up with Schneier on his cell phone while he was awaiting takeoff to Albuquerque. What amazed him about news of the virus was that anyone was amazed. That malicious code could infect a cell phone network is no more surprising, he says, than having it show up in a computer network. "It takes specialized knowledge to exploit a cell phone, but youre going to see more of this because mobile phones and handheld devices are the new computers," Schneier predicts. "They have OSes. They download software. So, theyre going to be just as vulnerable." And he predicts that the back-end networks that communicate with them will become vulnerable as well, posing yet another threat that IT staff will have to be cognizant of. "What were seeing is a lot of convergence," Schneier said. "Were plugging our mobile devices into our networks. Although it is complicated as heck, it is not inconceivable that some kind of malicious software could get onto my network through my mobile phone." Editors Note: This story was updated with corrections regarding the nature of the virus. Check out eWEEK.coms Mobile & Wireless Center at http://wireless.eweek.com for the latest news, reviews and analysis.
There is also bluejacking, which isnt hacking. Its the practice of sending anonymous messages to nearby Bluetooth devices, but some researchers suggest that it opens the door to abuse by enabling data exchange.