Do I need to remember my PIN?
No. It is not necessary to remember your PIN, except in the rare case where the PIN is a fixed PIN, in which case simply retaining the user manual, which gives the PIN, for future reference is advisable.
Why does pairing in a public location potentially introduce a security risk?
Theoretically a hacker can monitor and record activity in the frequency spectrum and then use a computer to regenerate the PIN codes being exchanged. This requires specially built hardware and a thorough knowledge of Bluetooth systems. By using a PIN code with eight or more alphanumeric characters, it would take the hacker years to discover the PIN. By using a 4-digit numeric PIN code, the hacker could discover the PIN in a matter of a few hours; advanced software is still required.
Is this a real risk to Bluetooth enabled devices?
Bluetooth devices generate a secure connection by means of the initial pairing process. During this process one or both devices need a PIN code to be entered, which is used by internal algorithms to generate a secure key, which is then used to authenticate the devices whenever they connect in the future.
A new academic paper puts forward a theoretical process that could potentially "guess" the security settings on a pair of Bluetooth devices. To do this the attacking device would need to listen in to the initial one-time pairing process. From this point it can use an algorithm to guess the security key and masquerade as the other Bluetooth device. What is new in this paper is an approach that forces a new pairing sequence to be conducted between the two devices and an improved method of performing the guessing process, which brings the time down significantly from previous attacks.
To perform this hack, it is necessary for the attacker to overhear the initial pairing process, which normally only happens once, in a private environment, and takes a fraction of a second. The authors have put forward some possible methods to try to force a deletion of the security key in one of the two Bluetooth devices, and hence initiate a new pairing process, which they could then listen in to. To do this, they need to masquerade as the second device during a connection. The equipment needed for this process is very expensive and usually used by developers only. If this process succeeds, the user will see a message on their device that asks them to re-enter a PIN code. If they do this while the attacker is present, and the PIN code they enter is sufficiently short, then the attack could theoretically succeed.
If the PIN that was used consists of only four numeric characters, a fast PC can calculate the security key in less than one tenth of a second. As the PIN gets longer, the time to crack the security key gets longer and longer. At eight alphanumeric characters it would take over one hundred years to calculate the PIN, making this crack nearly impossible.
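As an added illustration of the two PIN-length comparisons above (the "eight alphanumeric characters versus four digits" point in the public-location answer and the timing figures in this answer), the following Python estimates the keyspace and worst-case exhaustive-search time for a PIN. This is not code from the original FAQ or from the Bluetooth SIG; the guess rate is an assumed parameter, not a figure from this page.

```python
import math
import string

# Character classes a PIN can be drawn from. The FAQ's two cases are
# "4 numeric digits" and "8 or more alphanumeric characters".
DIGITS = string.digits                                # 10 symbols
ALPHANUMERIC = string.digits + string.ascii_letters   # 62 symbols (case-sensitive)


def alphabet_size(pin: str) -> int:
    """Size of the smallest class (digits, or mixed-case alphanumerics)
    that contains every character of the PIN. A guesser who knows a
    device only accepts digits only has to search the digit space."""
    if not pin:
        raise ValueError("empty PIN")
    if all(c in DIGITS for c in pin):
        return len(DIGITS)
    if all(c in ALPHANUMERIC for c in pin):
        return len(ALPHANUMERIC)
    raise ValueError("PIN contains characters outside the alphanumeric set")


def keyspace(pin: str) -> int:
    """Number of PINs of the same length drawn from the same class."""
    return alphabet_size(pin) ** len(pin)


def entropy_bits(pin: str) -> float:
    """log2 of the keyspace: how many bits an offline guesser must search."""
    return len(pin) * math.log2(alphabet_size(pin))


def exhaust_seconds(pin: str, guesses_per_second: float) -> float:
    """Worst-case time to try every PIN in the class at the given rate.
    The rate is an assumed parameter: it depends on the attacker's
    hardware and on the key-derivation cost per guess."""
    return keyspace(pin) / guesses_per_second


def min_length_for_years(alphabet: int, guesses_per_second: float, years: float) -> int:
    """Shortest PIN length over an alphabet of `alphabet` symbols whose
    full keyspace takes at least `years` to exhaust at the given rate."""
    needed = guesses_per_second * years * 365.25 * 24 * 3600
    length = 1
    while alphabet ** length < needed:
        length += 1
    return length


if __name__ == "__main__":
    RATE = 1e5  # assumed guesses per second, for illustration only
    for pin in ("1234", "a1B2c3D4"):  # constructed sample PINs
        print(pin, f"{entropy_bits(pin):.1f} bits",
              f"{exhaust_seconds(pin, RATE):.3g} s to exhaust")
    print("digits needed for 100 years at this rate:", min_length_for_years(10, RATE, 100))
```

Because the keyspace grows exponentially with length, each extra alphanumeric character multiplies the search time by 62, which is why the gap between the two cases is so large.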
This is an academic analysis of Bluetooth security. What this analysis outlines is possible, but it is highly unlikely that a normal user will ever encounter such an attack. The attack also relies on a degree of user gullibility, so understanding the Bluetooth pairing process is an important defense.
Can the SIG guarantee me that all of my future Bluetooth products will be secure?
Absolute security can never be totally guaranteed, in technology or otherwise. Security is an ongoing and important effort for any technology. The Bluetooth SIG has made security a high priority from day one, with security algorithms that to date have proven adequate. In the roadmap for the advancement of Bluetooth wireless technology, the Bluetooth SIG published security and privacy enhancements. These enhancements to the specification further strengthen the pairing process and ensure privacy after a connection is established. We are continuing with our work in this area, trying to always stay a step ahead of people trying to hack into devices.