IT Policy Spotlight: Managing Bluetooth Security on BlackBerry Devices
Understanding the Security Concerns
Bluetooth® technology, and the convenience of working hands-free, is a benefit most users don't want to give up. The relatively short range of most Bluetooth devices helps reduce most security issues; however, some vulnerabilities remain. Fortunately, they can be minimized as part of a solid IT management plan.
Most IT professionals are familiar with Bluetooth security concerns such as Bluesnarfing, where a hacker copies information from a Bluetooth-enabled device to access phone numbers, calendar information and other sensitive corporate documents, or Bluebug attacks, where a hacker can access a smartphone's commands to make phone calls, add or delete contact info, or eavesdrop on the owner's conversations.
Bluetooth devices can also be targets of Denial of Service (DoS) attacks, in which an attacker bombards the device with so many requests that the battery degrades.
IT policies designed for the BlackBerry® Enterprise Solution allow IT administrators to determine how Bluetooth technology is used on BlackBerry® devices. By reducing the security vulnerabilities of Bluetooth technology, IT groups can offer their users convenience and still maintain corporate security.
The BlackBerry Enterprise Solution: Bluetooth Security Options
There are steps that IT administrators can take to minimize the impact of Bluetooth security attacks. The BlackBerry Enterprise Solution is designed to offer a range of options that help protect Bluetooth-enabled BlackBerry devices.
Any Bluetooth-enabled device can be at risk when:
- The Bluetooth radio is enabled
- The device is set to Discoverable (visible) mode
- The device is physically located within range of a hacker
Bluetooth profiles specify how applications on the BlackBerry device and on Bluetooth-enabled devices connect and are interoperable. BlackBerry devices currently support three profiles to help reduce the risks of a security attack:
- Serial Port Profile (SPP): This profile helps configure serial connections between a BlackBerry device and a Bluetooth-enabled peripheral that uses a virtual serial port
- Hands Free Profile (HFP): This profile works with the SPP to enable wireless voice capabilities with most headsets and some car kits
- Headset Profile (HSP): This profile works with the SPP to enable wireless voice capabilities with most headsets and some car kits
The pairing process is one of the most basic levels of security for Bluetooth-enabled BlackBerry devices. When the BlackBerry device attempts to pair with a Bluetooth-enabled device, it requests a combination passkey for authentication. The combination key is unique to the BlackBerry device and the Bluetooth-enabled device that it's paired with. Once the devices pair with each other, they become secure.
Making Bluetooth-enabled devices hard to detect when they are not being used is another built-in security feature. IT managers can set the Disable Discoverable Mode IT policy rule to False to make it more difficult for potential attackers to locate BlackBerry devices and compromise them.
Administrators can also use an IT policy rule to turn off the Bluetooth radio on BlackBerry devices. When the radio is not operational, the BlackBerry device is not open to a Bluetooth attack.
How IT Managers Can Protect BlackBerry Devices
To help prevent security breaches on Bluetooth technology, IT departments can perform these simple checks to ensure all available security measures are in place.
- Upgrade to BlackBerry® Enterprise Server v4.0 or later to access the IT policy rules that control the use of Bluetooth wireless technology on BlackBerry devices. Beginning with version 4.0, the BlackBerry Enterprise Server supports sending IT policy rule updates to BlackBerry devices over the wireless network.
Note: IT policy rules for Bluetooth wireless technology are also available in BlackBerry Enterprise Server version 3.6 Service Pack 3 or later for Microsoft® Exchange.
- For BlackBerry Enterprise Server v4.1 and later, create a separate IT policy group for users who must use Bluetooth wireless technology. Turn off Bluetooth functionality for all other IT policy groups. Visit www.blackberry.com/knowledgecenterpublic/ and read the BlackBerry Enterprise Server Administration Guide for information about assigning IT policies to a group.
- Review the BlackBerry IT policy rules for Bluetooth wireless technology, and make sure that they are set correctly for your environment.
- If a user does not require access to Bluetooth wireless technology, set the Disable Bluetooth IT policy rule to True to turn off access to both Bluetooth wireless technology and the Bluetooth radio on the user's BlackBerry device.
- If you are concerned about unauthorized access to a user's BlackBerry device, but you still want to permit that user to use Bluetooth wireless technology, pair the BlackBerry device with the Bluetooth-enabled device, then turn off the pairing functionality. After you perform this action, only the approved peripheral can pair with the user's BlackBerry device.
- Stay current on viruses and worms that are threats to mobile devices. Assess whether BlackBerry devices are vulnerable to an attack, and then take steps to inform the appropriate individuals in your organization and to protect your corporate BlackBerry devices.
Help Your Users Protect their BlackBerry Devices
To help protect BlackBerry devices from bluejacking, bluesnarfing, and bluebugging attacks, educate users about securing their own devices. Here's what they can do:
- Leave the BlackBerry device set to non-Discoverable mode.
- If the BlackBerry device is set to Discoverable mode, deny requests to pair with unknown Bluetooth-enabled devices.
- When pairing a BlackBerry device with a Bluetooth-enabled device, set the BlackBerry device to Discoverable mode only for as long as it takes to complete the pairing.
- Complete device pairings in private, uncrowded areas only.
- Choose to encrypt data traffic to and from the BlackBerry device. The BlackBerry Enterprise Solution uses the passkey to generate encryption keys. BlackBerry devices use Bluetooth Security Mode 3 and the highest encryption key length available on the paired device (minimum = 8 bits/maximum = 128 bits).
- Protect the assigned name of your BlackBerry device. If an attacker knows the name of the BlackBerry device, the device is vulnerable to an attack, even when it is set to non-Discoverable mode.
IT Policy Rules for Bluetooth Wireless Technology
There are a variety of IT policies that help manage and control Bluetooth technology. With the BlackBerry Enterprise Solution, you can manage all Bluetooth-enabled BlackBerry devices simultaneously, or you can manage individual BlackBerry devices.
Note: the following policy rules are provided in the BlackBerry Enterprise Solution manual.
| IT policy rule | Default setting | Configuration notes |
| --- | --- | --- |
| Allow Outgoing Calls | 0: Always. By default, a user can place outgoing phone calls from a Bluetooth-enabled BlackBerry device. | The following configuration options are available: 0: Always; 1: Only when unlocked; 2: Never. If you select an option instead of accepting the default setting, you can reduce the risk that an attacker can initiate phone calls from a Bluetooth-enabled BlackBerry device. |
| Disable Address Book Transfer | False. By default, a user can exchange address book information wirelessly between a BlackBerry device and a Bluetooth-enabled device. | When you set this rule to True, it can prevent address book data exchange using AT commands with supported Bluetooth-enabled car kits. |
| Disable Bluetooth | False. By default, Bluetooth wireless technology is enabled on the BlackBerry device. | When you set this rule to True, you turn off the Bluetooth radio. Use this policy rule to prevent BlackBerry devices from using Bluetooth wireless technology. Warning: If the Bluetooth wireless radio is active when you apply this rule, you must reset the BlackBerry device for the change to take effect. |
| Disable Desktop Connectivity | True. The default setting prevents connections between the BlackBerry device and the BlackBerry Desktop Manager using Bluetooth wireless technology. | — |
| Disable Discoverable Mode | False. The default setting prevents the use of Discoverable mode on Bluetooth-enabled BlackBerry devices. | — |
| Disable Handsfree Profile | False. By default, the Bluetooth HFP is enabled on the BlackBerry device. | When you set this rule to True, you prevent connections that use the Bluetooth HFP. |
| Disable Headset Profile | False. By default, the Bluetooth HSP is enabled on the BlackBerry device. | When you set this rule to True, you prevent connections that use the Bluetooth HSP. |
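
An added example (not from BlackBerry documentation): a least-privilege audit of IT policy groups, using the rule names and default values from the table above. The group names, the feature labels (`hfp`, `hsp`, `address_book`, `desktop`) and the data layout are assumptions made for illustration; this is not a BlackBerry Enterprise Server export format or API.

```python
# Defaults from the policy table on this page; a rule a group omits keeps its default.
DEFAULTS = {
    "Allow Outgoing Calls": 0,  # 0: Always, 1: Only when unlocked, 2: Never
    "Disable Address Book Transfer": False,
    "Disable Bluetooth": False,
    "Disable Desktop Connectivity": True,
    "Disable Handsfree Profile": False,
    "Disable Headset Profile": False,
}

# Hypothetical feature label -> the rule that turns that feature off when True.
FEATURE_RULE = {
    "address_book": "Disable Address Book Transfer",
    "desktop": "Disable Desktop Connectivity",
    "hfp": "Disable Handsfree Profile",
    "hsp": "Disable Headset Profile",
}

def audit_group(needs, rules):
    """Return findings for one IT policy group.

    needs: set of features the group's users require (empty set = no Bluetooth).
    rules: rule-name -> value overrides configured for the group.
    """
    effective = {**DEFAULTS, **rules}
    if not needs:
        # Groups with no Bluetooth requirement should have the radio turned off.
        return [] if effective["Disable Bluetooth"] else ["Disable Bluetooth should be True"]
    findings = []
    if effective["Disable Bluetooth"]:
        findings.append("Disable Bluetooth is True but the group requires Bluetooth")
    for feature, rule in sorted(FEATURE_RULE.items()):
        if feature not in needs and not effective[rule]:
            findings.append(f"{rule} should be True: {feature} is not required")
    if effective["Allow Outgoing Calls"] == 0:
        findings.append("Allow Outgoing Calls is 0 (Always); consider 1 or 2")
    return findings

# Constructed sample groups (hypothetical names): (required features, rule overrides).
GROUPS = {
    "Default": (set(), {}),
    "Headset users": ({"hsp"}, {"Disable Handsfree Profile": True, "Allow Outgoing Calls": 1}),
    "Car kit users": ({"hfp", "address_book"}, {}),
}

def audit_all(groups=GROUPS):
    return {name: audit_group(needs, rules) for name, (needs, rules) in groups.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "->", findings or "OK")
```
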
200+ IT Policies with the BlackBerry Enterprise Solution
The IT policies designed to manage Bluetooth-enabled BlackBerry devices are just a few of the IT policies that RIM has developed for the BlackBerry. With over 200 IT policies, BlackBerry leads the way in helping administrators manage and control their entire wireless solution through intuitive and comprehensive IT management tools.
To find out more, see the BlackBerry Enterprise Server Policy Guide, which includes all of the IT Policies available with the BlackBerry Enterprise Solution.