Top-down security

analysis
Nov 26, 2003 | 3 mins

Finally – a secure wireless technology designed that way from the beginning

I’m sure the look on my face was incredulous, but the inspector was resolute. “Yep,” he said, “the ball joint.”

And thus it was that the Commonwealth of Virginia decreed that my nearly new car was unsafe to drive on public roads. I called the BMW dealership and conversed about this new development. On the way home from the dealership, having left my formerly beloved vehicle to have its entire front suspension replaced, I directed my rental car into an Acura dealership. Four-figure repair fees were at the top of my mind.

Before long, we were tooling around in a snazzy new Acura TL, when the salesman pointed out the hands-free options on the car’s communications menu. “It uses Bluetooth,” he noted. “That means the car will sync with your phone, understand your spoken commands, and make your calls for you.” He said it would also act as a hands-free speaker phone.

I had a random wave of thoughts about $37,000 mobile speaker phones, Danish kings with dental hygiene so bad they were named “Bluetooth,” and security. I asked the obvious question: “So what happens if someone pulls up next to me in another Bluetooth-enabled car?”

The salesman, a former IT executive, looked at me blankly. “Would they be able to listen in on my Bluetooth-enabled conversation?” I asked. The salesman didn’t know.

A couple of days later, I was at the AT&T Wireless store in an effort to be the first in my town to take advantage of Local Number Portability, thereby trying out something cool in terms of technology while also dumping Sprint PCS as unceremoniously as possible.

As we worked our way through the complex array of paperwork, I asked the salesman about the Bluetooth capabilities of the Sony Ericsson T616 I’d just selected. “Can people overhear what I say?” I asked. He didn’t know.

I was having visions of 802.11 as I thought about the great exposé I could write. But, as is often the case, I’d forgotten about the briefings I’d received over the years about Bluetooth. The people who designed Bluetooth actually thought about security in advance. No exposé here.

To address security, Bluetooth communications use frequency-agile digital spread spectrum and encrypt the data stream. The devices share the encryption key when they perform pairing, and when that happens, the devices won’t talk to anything else that’s not paired. This doesn’t mean you can’t receive the signals – after all, this is RF. But you can’t receive the whole stream, and even if you could, it’s encrypted.

According to Tobe Cohen and Mike Ferguson, both vice presidents at GN Netcom, the largest maker of Bluetooth devices, Bluetooth security is so good that it’s used by the U.S. government. The security seems to be at such a level that your conversations about your strategic plans are safe from electronic eavesdropping. Of course, given Bluetooth’s limited range, if you’re close enough to snoop, you can probably just use your ears and listen.

Still, it’s good to see that at least one wireless product out there is safe enough for your enterprise, and has been that way from the beginning. Maybe if enough IT managers insist on that quality of security for the rest of the wireless product universe, it might actually happen. One can only hope.