All the data on your phone or PDA could potentially be downloaded by someone sitting close to you thanks to vendors' practice of setting Bluetooth security settings off.
By turning Bluetooth security off, the device is far more likely to communicate and send data wirelessly without encountering problems. As such, many vendors turn it off as a default to reduce the number of support calls. However it also means that someone could easily connect to whatever equipment you have and read what is stored on it - in most cases private and confidential numbers, names, emails and memos.
A large number of businessmen and executives believe that with the Bluetooth device set to "non-discoverable" that people will not be able to connect to it. However, a piece of software by security consultants AtStake called Red Fang is able to pick up all Bluetooth devices in the area, whether set to non-discoverable or not.
The software's writer, Ollie Whitehouse, told us the idea behind the software was to demonstrate what a huge security hole Bluetooth could potentially be. "It was a proof of concept idea to allow people to see the possibilities that exist to abuse this software," he said. He denied that the tool could be used maliciously in its current form though. "It will only attack a certain manufacturer's equipment."
Bluetooth does have a limited range and so someone would need to be consistently close to you, but Whitehouse points out that at airports and on long train journeys, there would exist a perfect opportunity to drag information off people's PDA and mobiles. "There is a very real risk here," he explained.
The idea is to make people more aware of security and also attempt to get vendors to set their default settings higher. Since most people will not know how to find their security settings, let alone set them up correctly, this default security could prove increasingly important as Bluetooth is added to more and more devices.