Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

Protective Defenses > Bluetooth - Pg. 374

374 Chapter11·MobileMalwareMitigationMeasures Protective Defenses A few common types of protective (as opposed to reactive) defenses are commonly used on mobile platforms. They all essentially function by trying to block the bad stuff, while allowing the good stuff to pass through.You're probably very familiar with the concept from desktop security software already. In fact, what you will see is that, in general, the mobile equivalents behave nearly the same as their desktop cousins. These defenses can be broken down into two further categories. The first is really a firewall. It establishes a screen in front of, or around, some service and attempts to filter what is allowed to pass through. Most relevant to mobile devices are network (IP) firewalls and Bluetooth firewalls. Network firewalls provide protection against a variety of threats that can arrive over your "Internet" connection. To an IP firewall, it does not really matter if your network connection comes via a GSM connection (like EDGE or 3G) or via Wi-Fi. The network firewall operates at the IP layer. Network firewalls can inspect traffic at a variety of "layers" and look for a variety of bad things. In desktop security, firewalls can often get blurred into more complicated and more deeply inspecting intrusion detection. In mobile environments, processing power and battery limitations tend to limit how extensive this inspection can be. A simple firewall might only attempt to filter obvious scanning attempts and access to ports that are not active. With most current phones, a firewall is not going to provide a great deal of immediate value. You're not likely running many services that you don't want to expose (a common problem on desktop systems). There's not much current risk of other things like Denial-of-Service, malformed traffic, and so on. In the near future, as these devices mature, we may see the risk profile rise. If your operating system or security suite supports a firewall and it has little performance impact, it would be wise to leave it on. For most users, however, it's not worth going out of their way to add a network firewall today. Bluetooth A Bluetooth firewall provides similar functionality for interactions over the Bluetooth inter- face. There have been various Bluetooth attacks demonstrated against common phones. While there is limited data measuring their frequency in the wild, there is at least some real exposure here today. In some cases, it's not viable to just turn off Bluetooth completely. Even making your phone "undiscoverable" isn't foolproof. A firewall or something similar that would be able to prevent unwanted connections and look for suspicious activity (like forged unpair requests) would be useful. Following the Bluetooth best practices will likely be sufficient for most people, but if you're extra-concerned, adding a little additional security wouldn't hurt. Bluetooth security packages often add very little overhead since they only really operate when there is Bluetooth traffic.