Bluetooth Vulnerabilities

When I visited Kuwait for a vacation, I was surprised by seeing the traffic jam caused by the youngsters trying to send messages to the mobile phones in their vicinity using Bluetooth. The act of sending unsolicited messages over Bluetooth to Bluetooth enabled devices is known as Bluejacking. This is harmless and the Bluejacker usually sends text messages and simply waits for a reaction from the recipient.

Bluesnarfing and Bluebugging are the other two vulnerabilities which have been exploited by the hackers to access the data in the Bluetooth enabled phones.

Bluesnarfing refers to the act of hacking the Bluetooth device and gaining access to the private data. The information that can be accessed in this manner includes the phonebook and associated images, calendar, and IMEI. The best way to reduce the Bluesnarfing attack is by setting your phone in non-discoverable mode.

Bluebugging is the art of accessing the mobile phone commands using Bluetooth technology without notifying or alerting the user. This security issue allows a hacker to make phone calls, send and receive text messages, read and write phonebook contacts and even connect to the internet.

Bluetooth technology has put more effort on the security issues so that the users can use this technology without any fear. Some of the major Bluetooth product manufacturing companies form a governing body to drive development of Bluetooth wireless technology, and implement and market the technology in their products. The main tasks for the Bluetooth SIG are to publish Bluetooth specifications, administer the qualification program, protect the Bluetooth trademarks and evangelize Bluetooth wireless technology.

Unsolicited Commercial Communication (UCC)

Telemarketing has emerged as one of the simplest and cost efficient tool for marketing products. A large number of these ‘telemarketing’ calls and SMSs are unsolicited, i.e. the receiving party does not want to receive such calls or messages. Such messages disturb the recipients, intrude into their privacy, and impose a cost in terms of time and effort. We can term such type of calls or messages as Unsolicited Commercial Communications (UCC).

Unsolicited commercial communication means any message, through telecommunications service, which is transmitted for the purpose of informing about, or soliciting or promoting any commercial transaction in relation to goods, investments or services which a subscriber does not want to receive. Why most of the telemarketing calls are made to the mobile phones is because the subscribers have their mobile phones with them at all times and hence can be reached any time.

After receiving a lot of complaints from the subscribers the governments and TRAs imposed a regulation on the telecom operators to maintain a registry of subscribers who doesn’t want to receive such communications. In the year of 2007, TRAI, telecom regulatory authority of India commissioned a common repository, NDND Registry, with the primary objective to curb unsolicited commercial communication.

After the establishment of NDNC registry, Telephone subscriber (Landline or mobile) who does not wish to receive UCC, can register their telephone number with their telecom service provider for inclusion in the NDNC. For customers who would like to register/de-register their request for NDNC registry may dial 1909 or SMS to 1909 with keywords 'START DND' for registration and 'STOP DND' for de-registration.

Unstructured Supplementary Service Data (USSD)

Unstructured Supplementary Service Data (USSD) is a protocol, providing session-based communication, used by GSM cell phones to communicate with the service provider's applications. This is using text based messaging within an open session between the user and the application. The USSC service, which is implemented in the USSD center, exchanges the USSD data between the mobile phone and the application server.

Is this similar to SMS? No, USSD is session based, unlike SMS, which is a store-and-forward technology with transaction capabilities. Most of the user interactive applications hug this standard because of the session-based feature and less response time.

The standard can be used to create value added services for operators, service providers, and enablers in the mobile interaction industry. Some of the well known USSD based applications offered by the telecom operators are prepaid balance inquiry, top-up, caller tune selections, balance transfer etc. In all these applications what we are doing is simply sending preformatted text messages to a short code published by the service provider. The USSD center which receives these messages interprets and invokes the corresponding applications to retrieve the desired results and present it to the user.

Pay As You Go(PAYG)

Pay As You Go Plan is getting more popularity among mobile users these days. A PAYG plan means, No Contracts, No monthly payments and No exit charges. This service gives the freedom to pay for the service usage. A prepaid connection is also called as a PAYGO Phone.

An example for a common mobile PAYG service is mobile 3G service which comes along with a prepaid connection. This service will be activated when you are trying to browse, without connecting to a wireless hotspot .The prepaid amount in your mobile will be deducted for the usage of 3G service as per the PAYG Plan.

Pay as you go services are meant especially for the students, those who cannot pay monthly charges as per the contract or those who doesn’t use the service frequently. PAYG service rates are a bit higher than the rates for services with a contract.

Find Me/Follow Me Service

An advanced call forwarding facility provided by most of the telecom providers in the world.

Find Me service refers to the ability to receive incoming calls at any location by forwarding the calls either in sequence or at the same time, to a list of numbers. Follow Me automatically routes your calls to any of the designated numbers, anywhere in the world, following a schedule you provide.

The numbers may be called simultaneously or sequentially, either in a preferred order or in accordance with the user's scheduled activities and locations. Once the list has been called and if no connection is made, the system may route the call to voice mail.

If you have subscribed for Find Me/Follow Me service then anyone can reach you any time, with one number to dial. Follow-Me is indispensible for any enterprise that cannot afford to miss calls or have calls left unanswered. The employees can have all their incoming calls seamlessly transferred to their mobile phones or land line based on the schedule they have configured.

To setup this service the user has to subscribe for the Find Me/Follow Me service. Login to the service provider’s portal using the user credentials availed on subscription. Create a Find Me/Follow Me profile and add the designated phone numbers with its sequences and work schedule information.