Editing Bluetooth (section)

==== 2001–2004 ====
In 2001, Jakobsson and Wetzel from [[Bell Laboratories]] discovered flaws in the Bluetooth pairing protocol and also pointed to vulnerabilities in the encryption scheme.<ref>{{cite news
|title=Security Weaknesses in Bluetooth
|publisher= RSA Security Conf.&nbsp;– Cryptographer's Track
|citeseerx=10.1.1.23.7357
}}</ref> In 2003, Ben and Adam Laurie from A.L. Digital Ltd. discovered that serious flaws in some poor implementations of Bluetooth security may lead to disclosure of personal data.<ref>{{cite web
|title=Bluetooth
|publisher=The Bunker
|url=http://www.thebunker.net/resources/bluetooth
|access-date=1 February 2007
|archive-url = https://web.archive.org/web/20070126012417/http://www.thebunker.net/resources/bluetooth |archive-date = 26 January 2007}}</ref> In a subsequent experiment, Martin Herfurt from the trifinite.group was able to do a field-trial at the [[CeBIT]] fairgrounds, showing the importance of the problem to the world. A new attack called [[Bluebugging|BlueBug]] was used for this experiment.<ref>{{cite web
|title=BlueBug
|publisher=Trifinite.org
|url=http://trifinite.org/trifinite_stuff_bluebug.html
|access-date=1 February 2007
|archive-date=23 December 2018
|archive-url=https://web.archive.org/web/20181223163514/https://trifinite.org/trifinite_stuff_bluebug.html
|url-status=live
}}</ref> In 2004 the first purported [[computer virus|virus]] using Bluetooth to spread itself among mobile phones appeared on the [[Symbian OS]].<ref>{{cite web
|author=John Oates
|date=15 June 2004
|title=Virus attacks mobiles via Bluetooth
|website=The Register
|url=https://www.theregister.co.uk/2004/06/15/symbian_virus/
|access-date=1 February 2007
|archive-date=23 December 2018
|archive-url=https://web.archive.org/web/20181223163603/https://www.theregister.co.uk/2004/06/15/symbian_virus/
|url-status=live
}}</ref>
The virus was first described by [[Kaspersky Lab]] and requires users to confirm the installation of unknown software before it can propagate. The virus was written as a proof-of-concept by a group of virus writers known as "29A" and sent to anti-virus groups. Thus, it should be regarded as a potential (but not real) security threat to Bluetooth technology or [[Symbian OS]] since the virus has never spread outside of this system. In August 2004, a world-record-setting experiment (see also [[Bluetooth sniping]]) showed that the range of Class&nbsp;2 Bluetooth radios could be extended to {{convert|1.78|km|mi|abbr=on}} with directional antennas and signal amplifiers.<ref>{{cite web
|title=Long Distance Snarf
|publisher=Trifinite.org
|url=http://trifinite.org/trifinite_stuff_lds.html
|access-date=1 February 2007
|archive-date=23 December 2018
|archive-url=https://web.archive.org/web/20181223163536/https://trifinite.org/trifinite_stuff_lds.html
|url-status=live
}}</ref>
This poses a potential security threat because it enables attackers to access vulnerable Bluetooth devices from a distance beyond expectation. The attacker must also be able to receive information from the victim to set up a connection. No attack can be made against a Bluetooth device unless the attacker knows its Bluetooth address and which channels to transmit on, although these can be deduced within a few minutes if the device is in use.<ref>{{cite web
|title=Dispelling Common Bluetooth Misconceptions
|publisher=SANS
|url=http://www.sans.edu/research/security-laboratory/article/bluetooth
|access-date=9 July 2014
|archive-date=14 July 2014
|archive-url=https://web.archive.org/web/20140714150109/http://www.sans.edu/research/security-laboratory/article/bluetooth
|url-status=dead
}}</ref>