HomeBlogsIgor Faletski's blog

Mobile Offenders

Submitted by Igor Faletski on December 12, 2006 - 9:47am.
in

It was just a regular weekday. I hopped a skytrain on my way home from a meeting downtown, found a seat and put on my Bluetooth headphones. Seconds later, my phone was dutifully streaming yet another podcast as I was spacing out, enjoying the view.

Suddenly, it started vibrating. The podcast was still on, so I knew it wasn't a voice call. "The medium is the message" says McLuhan and I couldn't agree more. Only my close friends contact me by SMS and I immediately felt positive, eager to read the news, whatever it was. I was in for a surprise however, as the display contained an unfamiliar prompt. It was asking me this: "Do you want to accept an object from F**K YOU?", only without the stars. My first reaction was "What the hell, of course I am not going to accept anything from a device named like that". Only a millisecond later I realized that the whole point of this was to insult me in this new, cowardly fashion. The object (likely, an image or a sound) itself could have been even more offensive.

As it was a Bluetooth prompt (most people keep Bluetooth off, but as an early adopter of a pair of wireless headphones, I don't), I knew it was someone close by. Of about a dozen people in the train car two or three were playing with their phones. There was no way to find out exactly who did that - it could have been someone from an adjacent car, even. I had trouble imagining that the offender would do this without getting the satisfaction of watching me look around the train, so I started thinking that it was the person behind me. I turned around just to be greeted by a smile of a gray-haired lady.

It all happened in just under a minute, but every time I think about this, the consequences seem more and more foreboding. Anyone wearing a headset obviously has Bluetooth enabled on their communication device. My headphones manifest their wireless nature with a light that blinks blue every three or four seconds (it's totally unnecessary and makes me feel like a helicopter flying around in the fog with its warning lights turned on). Most, if not all Bluetooth implementations output the object exchange prompt on the main screen (it's assumed that the owner of the phone is aware of the incoming transfer). Therefore, anyone can easily offend multiple people using a trivial Bluetooth broadcast. It's even worse than internet spam, as mobile devices are considered highly personal.

Commuters have been using Bluetooth in several surprising ways. This was something else and it wasn't cool. I wouldn't go as far as calling it a critical flaw that has to be addressed by the Bluetooth Consortium as soon as possible. Still, attacks like these have a worrisome potential of being as offensive and disruptive as swearing, while staying highly anonymous. 

So, how should the industry deal with this? Can situations like mine be avoided? It seems that the answer is not clear yet. There are many similarities between Bluetooth spamming and Internet spamming (the latter still alive after years of legislative and technological battles). We could implement filters that would block people with offending device names, but that could be overcome using numbers or foreign character sets. Any sort of "white list" that would block out unknown Bluetooth peers would greatly hamper adoption of the technology. Finally, many consumers don't even realize their phones have Bluetooth and they most certainly wouldn't know how to set up their defenses. It will be up to the handset manufacturers to achieve a balance between security and freedom of communication.

 In general, privacy implications of recent advances in the field of mobile communications are only just starting to manifest themselves. Remember when a hacker that obtained Paris Hilton's phonebook compromised numbers of dozens of celebrities? Thousands of phones get stolen or lost every day and as we continue to concentrate our communication and data storage needs in one device, the risk becomes greater and greater. If the mobile devices are truly to be seen as "extensions" of the human body (as some researchers like to put it), being able to do more also means becoming vulnerable in brand new ways.

 


Submitted by Richard Smith on December 12, 2006 - 7:56pm.
"toothing" is sometimes overblown, and it is possible to use bluetooth without exposing yourself to unwelcome messages - just "pair" the devices you use and then make your device invisible again. It will be visible to the paired devices, still. The problem, I think, is unfamiliarity - like going onto skype and setting your status as "skype me" -- you get all kinds of unwelcome inquiries. Some people, sometimes, want random messages from unknown people. But most people do not. Any successful technology or software will enable both promiscuity and privacy, but in the case of mobile phones, with their sometimes obscure interfaces, the privacy settings can be a bit hard to find sometimes.
Submitted by Leora Kornfeld (not verified) on December 12, 2006 - 8:45pm.
may i take the liberty of renaming this post 'an inconvenient 'tooth'?
Submitted by Jim Udall on December 14, 2006 - 10:56am.
I don't have a profound comment except to recount a similar incident. I was driving home south on Oak street during rush hour and stuck in traffic. I too received a "push" from someone wanting to deliver an object to me. I consider myself a techno-geek, but really: sitting stuck in traffic looking for BT mates to push content to? Proof positive that the killer application for mobile devices is the one that kills idle time.