Mobile and Secure.Com

I went to see a film at the local cinema with a friend recently, and as we were exiting the cinema screen his mobile started beeping. It was being bombarded with Bluetooth messages. Upon inspecting the messages he found that all of them were adverts.

Now while my mate was mad at this electronic intrusion, and at himself for leaving Bluetooth enabled on his phone, I was a little curious about this ‘service’.

Now I haven’t used Bluetooth since it first came to my attention way back when I was working for a telecommunications company some years ago. I’d played with Bluetooth back then on a SonyEricsson P800, but these days most mobile handsets probably come with Bluetooth. So with so many people carrying Bluetooth enabled mobile phones, PDAs, and laptops, direct marketing to these devices must be pretty appealing to some.

This Bluespam, Proximity Marketing, or Bluecasting as it’s sometimes known, is proving popular enough that several companies have developed small servers running custom applications that can be set up in public places, and can transmit Bluetooth delivered spam to any Bluetooth enabled device (set to discoverable) within 100m/300ft (class 1) of the server.

Not only can these servers send out text messages, but also images, audio, video, and Java applications. The latter is probably meant to deliver games but there is no reason why other java applications could not be transmitted from these anonymous servers as you walk past (within 10m as mobile phone Bluetooth aerials are only class 2).

Reading further, I also learned that these servers can keep records of any devices they detected and transmitted to, along with the date and time. This is designed to allow them to deliver different content every time the same device is detected. Thinking about it, it’s also a great way of tracking a device’s movements if you have a number of these servers over a wide area, such as say, in a city, and they are networked. In theory you would be able to track the movements of the device within the network while targeting it with specific adverts.

McDonald’s announcement that it will be offering free Wi-Fi to its UK customers from this December started me thinking about the security implications. Not just the fact that people will try to get free Wi-Fi anyway without buying anything - how near to a Mickey D’s do you have to be in order to pick up a signal? Do you have to buy say, fries every hour in order to get free access on the premises? - But also that some of the patrons may actually be tempted to check their email accounts, access their online bank accounts, and generally use the free internet connection as they would normally use it from home or work, while enjoying their happy meal.

McDonald’s may just end up being the new hangout for identity thieves.