Russell's picked up on my recent hideous Bluetooth experience. Whilst I'm not as convinced as he seems to be that Bluejacking is anything more than a passing fad, he gives a good overview of it all.
I'd be interested in knowing a few things:
1. What's the legal situation with this stuff, i.e. sending content (potentially offensive content) to strangers, particularly random strangers?
2. What are handset manufacturers going to do (if anything - if BJing is a passing fad it may not be worth the effort) to give control of the experience back to phone owners? Settings to accept certain media types only from recognised handsets? Marking handsets as "known" and thus safe to receive media from (i.e. a step below "paired")? Previews of content before you get it?
3. Given the current hysteria over porn and 3G, will operators feel the need to offer locked-down handsets which prevent the transfer of pornographic content (as if that's possible!), or at least impede it? How long before we hear of the first BlueGrooming (whether or not this stuff poses any real threat to children is a completely different matter - it's got many of the characteristics of a good old tabloid scare story)? What will the operators do about this - most of the measures I've seen proposed to counter this stuff operate at a network, rather than handset, level.
4. Are people using this sort of thing for anything more interesting than pranks? We've talked about Bluetooth at conferences and in installations before now (imagine a service which offers anyone who walks past your stand a video clip or URL for your product - but only the first time they're seen), is anything actually being done?
Its covered under UK law at the moment as part of telecomunnications act, which makes an offence to use any telecoms system to send offensive or illegal content.
Consumer behaviour can't be regulated by the operators in the same way that they can't stop drug dealers using mobiles to make deals. People who walk round with their BT settings set to discoverable are asking for trouble, and unfortunatly thy hysteria about bluedating only encorages people to open their phones up to security risks. Imagine if there was a story about how you could meet potential dates by installing IIS on your pc, removing the firewall and AV protection. That's effectively what has gone on here.
Posted by: John | June 18, 2004 at 10:57 AM
Cheers John - agree with you re regulation and the impossibility of realistic enforcement. Unfortunately lots of people seem to consider technology a magic bullet for this stuff.
Not sure that Bluetooth equates to a security risk in itself - I mean, handsets are open to receiving content by SMS which can (in some cases) be used to overflow buffers etc., but this doesn't mean that SMS is in itself insecure - just that certain implementations are (or have been).
Likewise with Bluetooth - I would expect consumers to move more towards leaving it on, particularly as batteries improve. But to get to this point safely we need solid and secure implementations...
Posted by: Tom Hume | June 21, 2004 at 09:16 AM