Article published in Issue Number: 070302Bewitched by Bluetooth By Joel and Rachael Rydbeck, Nubrek Inc.
luetooth is a technology of convenience. It allows us to wirelessly connect to all sorts of electronic devices: cell phone earpieces, laptops, mouses and even cars, for example.
Despite a slow start, this technology is now commonplace. Bluetooth-enabled personal area networks (PANs) provide wireless connectivity among electronic devices in close proximity.
If you don't own a Bluetooth earpiece, you have undoubtedly seen people using them. Such individuals may look like Star Trek characters, but at least they aren't fumbling for headsets in their cars.
Moving beyond earpieces and cars, Bluetooth has real potential in the electronic payments industry.
Bluetooth basics
Ever wonder why Bluetooth earpieces work with only their owners' phones?
The technology uses a pairing process to enable devices to communicate with one another. A single device can be paired with more than one Bluetooth-enabled device. An earpiece, for example, can be paired with a laptop computer and a Blackberry personal digital assistant (PDA).
Setting up pairs is a sequenced process; it is the foundation for security among Bluetooth devices. Here are five steps for pairing an earpiece and a cell phone:
- Press the button on your earpiece that puts it into visible mode. (You may need to study the earpiece's instructions to find this button.)
When a device is in visible mode, it can actively respond to requests from devices with which it has not been paired. In hidden mode, a device listens and communicates only to devices with which it is paired.
- Instruct your phone to "search" for other Bluetooth devices. Your phone will then show you a list of visible devices with which it is able to communicate.
- Select the earpiece, which should appear on the list. The earpiece will tell the phone it needs a PIN to complete the pairing.
- Create and enter a PIN, as requested, via your cell phone keypad. This will complete the pairing. A passkey for authentication will automatically generate each time the pair communicates thereafter.
Some devices or pairs may encrypt their transmissions; others may not. Since information passed among all Bluetooth devices is exchanged over the same frequencies, unencrypted information can be intercepted easily. For this reason, encrypted pairing is essential for secure communication.
Now that Bluetooth technology adoption is widespread, third-party applications have begun to leverage the technology for everyday practices. For instance, Bluetooth Remote Control, a shareware application, turns Bluetooth-enabled phones into remote control devices for Bluetooth-enabled computers. For more information, visit www.blueshareware.com/bluetooth_remote_control.asp.
Did you know that Nintendo Wii controllers use Bluetooth to communicate with consoles? So do the Sony PlayStation 3 and Microsoft Xbox 360. FedEx Corp. and UPS drivers use Bluetooth connectivity as well.
Bluetooth blues
Just like a computer network, a Bluetooth network is vulnerable to attack. Be aware of this risk, and educate your clients on how to effectively secure their PANs.
Last year, the security company F-Secure Corp. researched Bluetooth-enabled devices. It reported that they are susceptible to viruses, worms and hacking.
When a Bluetooth device is in visible mode, other Bluetooth devices can find and connect to it. Similar to a computer connected to the Internet, this provides nearby attackers with a means to potentially compromise the device.
When a device is in hidden mode, the attack becomes exponentially harder to perform and is theoretically next to impossible.
In 2004, many news organizations published articles about a bug detected in cell phones provided by several different vendors. The flaw allowed people to query devices for phone books. And they were able to browse cell phone data unbeknownst to the phones' owners.
One individual in London loaded the necessary hacking equipment into his backpack and went for a walk. In 30 minutes he made contact with 192 phones, 54 of which were vulnerable to the exploit and would have surrendered their phonebooks upon request.
Bluetooth security
You can take steps to address security. However, procedures vary by device. It may take some research on your part to identify the appropriate steps for securing your equipment. Here are some recommendations from F-Secure:
- Enable visible mode on your device only if you are about to pair it with another Bluetooth device.
- Once the intended devices are paired, return both of them to hidden mode.
- Do not accept a pairing request from a device you don't recognize. If this occurs, your device may be in visible mode.
You can find more information about this topic at www.securenetwork.it/ricerca/whitepaper/download/bluebag_brochure.pdf.
Bluetooth unleashed
As wireless technology develops, the payments industry will benefit from Bluetooth PANs in several ways.
One mobile solution is the Ingenico i7780. It can use Bluetooth to communicate with a base station. This gives terminals roaming ability within their respective sales environments.
The flexibility, ease of use and aggregated cost savings this functionality offers are significant. Visit www.ingenico-us.com/products/pdfs/i7780_usa.pdf for further details.
Certain PDA models can be equipped to handle payment transactions via wireless points of sale employing Bluetooth-enabled card readers and printers. As Bluetooth security increases, additional applications will emerge. Already, cash registers are using Bluetooth barcode readers.
Security issues will probably continue to limit Bluetooth's rollout in the payment processing space. However, it will be important to stay abreast of developments so you can advise your customers as they incorporate this technology into their businesses.
Joel Rydbeck, Chief Technology Officer of Nubrek Inc., brings his strong background in e-commerce and business process automation to the merchant services industry. Rachael Rydbeck, President of the company, has a background in product management and technical writing. Nubrek offers eISO, a Web application for ISOs that tracks leads and provides automated residual and commission reports. For more information on eISO or to view a free demo, visit
www.nubrek.com/eiso.html. E-mail Joel at
joel@nubrek.com or Rachael at
rachael@nubrek.com.
|