Connections between phone & computer

There are particular security risks associated with connecting your phone to your computer in order to transfer information.

Infrared security

Infrared provides a secure and simple way to transfer and synchronise data between your phone and your computer. In order for infrared communication to work properly, infrared devices must operate on a line-of-sight basis. They must be placed at a 30-degree angle from each other and no farther than 1 metre (approximately 40 inches) apart. Because infrared operates over such a short distance and at a narrow angle, it is relatively difficult for an attacker to intercept data that is sent over infrared.

However, infrared does not provide data encryption, so take the following precautions to ensure that data sent over infrared is not intercepted:

  • Do not enable infrared image transfer.
  • Infrared image transfer is disabled by default (that is, the option to use Wireless Link to transfer images from your device to your computer is disabled). If you enable this option, all of the incoming files that are sent over infrared image transfer are automatically accepted. Because incoming files might contain harmful programs, ensure that the files originate from a trustworthy source. Do not open files if you cannot verify the source, do not recognise the file format or are unsure of the content. Instead, delete the files immediately.
  • Align infrared devices so that they are between 0.1 metre (approximately 4 inches) and 0.5 metre (approximately 20 inches) apart when you establish an infrared link between two devices. Although the transfer can take place at a distance of up to 1 metre, placing the devices closer together minimises the risk of interference from an outside infrared device.
  • Ensure that all infrared devices and data sources are trustworthy.
  • Finally, if you are transferring data via infrared to another person, conduct the transfer in a private location whenever possible.

Bluetooth security

Bluetooth provides a way to connect and exchange information between devices such as mobile phones, PCs, printers, digital cameras and video game consoles.

Bluetooth lets these devices communicate with each other whenever they are in range. The devices use a radio communications system, so they do not have to be in line of sight of each other and can even be in separate rooms, as long as the transmission is powerful enough.

A common task that involves Bluetooth security for most users is the "pairing" of devices. By default, Bluetooth communication does not require the two devices to exchange security information or 'authenticate' and thus almost any device can freely connect to another. However, to access a particular service such as a dial-up account, a voice gateway, or to do a file transfer, some sort of authentication is usually required.

The process of authentication is usually done during the pairing process by entering identical PIN codes (passkeys) on both devices. Once users have entered their correct PIN codes, both devices will generate a link key, which can be stored in the device's memory and will allow it to skip the authentication and authorisation process when it attempts to communicate with the other paired device in the future.

Unfortunately for Bluetooth users, the process of authentication and authorisation to access services is not always correctly implemented by manufacturers. Such weaknesses have already affected several Sony Ericsson and Nokia mobile phones, allowing malicious hackers to steal phone books, photos and calendar information, or to make phone calls or send SMS using other people's mobile phones. This is because authorisation is not required for two important services on these phones.