Surce: Enterpriseitplanet.com
By Pedro Hernandez

Redwood City, CA-based Network Chemistry today announced that the company has added a new form of detection to its portfolio of wireless vulnerability assessment tools. While the security space is preoccupied with locking down 802.11, the firm is tackling the other prominent wireless technology, Bluetooth.

Bluecanner, a stand-alone utility for Windows XP (SP2 recommended), was designed to help IT departments reduce their exposure to Bluetooth threats. Meant to be used on notebooks, the software hooks into Windows’ built-in Bluetooth driver. Once activated, it scans the vicinity for discoverable devices approximately once every ten seconds without interrupting the machine’s other wireless functionality.

On the surface, it seems simple: just institute a policy that requires staff to turn off Bluetooth radios or set them to undiscoverable mode. However, without a tool to periodically check for compliance, such policies are rendered ineffective. That’s where Bluescanner comes in.

When a Bluetooth device is detected, the software provides relevant information such as type, supported services and a timestamp. IT staffers can then tag an entry with location information and go on a Bluetooth deactivation spree for systems and peripherals that have no business airing company data.

A couple of factors inspired the software’s creation, not to mention the fact that it complements detection capabilities of RFprotect Mobile, the company’s flagship wireless security suite, as a no-cost bundled component. However, it’s the sheer ubiquity of Bluetooth-enabled devices combined with an industry that continues to underestimate the threat that prompted Network Chemistry to develop and freely distribute Bluescanner, says Brian de Haaf, Director of Product Management.

The company subscribes to the belief that “Wireless security doesn’t only apply to 802.11. Wireless security applies to any device with wireless on it,” says de Haaf.

Describing Network Chemistry as “the best kept secret in the networking and security arena,” de Haaf explains that his company primarily operated behind the scenes in the OEM space. Now they have been making their presence felt after a few years of quietly helping to secure sensitive enterprise and government installations.

Bluetooth, easily dismissed because of its limited range and consumer-centric applications, has been creeping up against big IT lately. No longer relegated to headsets, keyboards, mice and cell phones, the technology is increasingly showing up in all manner of smartphones, notebooks, and PDAs. And experiments have proven that with the right equipment, Bluetooth devices can be detected and interacted with well beyond their 30-foot/10-meter (give or take) range.

This poses a problem for the HIPAA-constrained healthcare field. It’s not uncommon for medical personnel nowadays to tote a portable with patient care data during rounds. Given the semi-public nature of hospitals, the possibility of an attacker lurking in an emergency waiting room only raises the stakes, warns de Haaf.