SOURCE: Network Chemistry

October 17, 2005 08:00 ET

Network Chemistry Announces BlueScanner to Detect Bluetooth Security Vulnerabilities

Leading Wireless Intrusion Detection and Prevention Company Releases Free Tool to Protect Enterprises Against Emerging Threats Posed by Unsecured Bluetooth Devices

REDWOOD CITY, CA -- (MARKET WIRE) -- October 17, 2005 -- Network Chemistry Inc., the leading provider of integrated RF security and management solutions, announced today the availability of its new BlueScanner™ tool, available for download at no charge at www.bluescanner.org. BlueScanner, which provides Bluetooth vulnerability assessment capabilities, is also included in the company's award-winning RFprotect™ Mobile wireless analysis suite. Network Chemistry is the only wireless security company to offer an integrated 802.11 and Bluetooth mobile analysis product that delivers walk-around assessments and enterprise wireless LAN (WLAN) incident response and optimization.

Bluetooth vulnerabilities and attacks are a real and increasing threat to the security of enterprises and end users. BlueScanner protects against these threats by pro-actively identifying Bluetooth devices, their type (phone, computer, keyboard, and more), and the services they advertise. Armed with this information, IT staff can more quickly and easily assess the level of Bluetooth usage and take action to mitigate the security risks the technology poses.

"Network Chemistry has made a terrific contribution to the enterprise community with BlueScanner," said Joshua Wright, a recognized wireless security expert and researcher. "This is a very powerful tool that can help organizations assess existing and emerging Bluetooth threats, for free."

More than five million Bluetooth radios are shipped every week, according to The Bluetooth Special Interest Group (SIG), which has predicted that the number of installed units will reach 500 million by the end of 2005. Although traditionally a cell-phone-centric technology, Bluetooth is now found in a vast array of products such as input devices, printers, medical devices, VoIP phones, whiteboards, and surveillance cameras. The proliferation of these devices in the workplace exposes organizations to security risks.

"Network Chemistry is committed to contributing to the good of the wireless technical community, and one way we do so is by making free security tools available," said Dr. Christopher Waters, Network Chemistry's chief technical officer. "Until now, the industry has focused on security solutions for 802.11 networks, but it's clear that the wireless threat is much larger. BlueScanner is just the first of a list of solutions we're developing that will protect enterprises from a variety of emerging threats, beyond those posed by 802.11."

BlueScanner Thwarts a Wide Range of Attacks

Bluetooth devices were once thought to be at low risk for attack because the technology only enables them to effectively receive transmissions in a close range (about 30 feet). However, Bluetooth transceivers are available in different power classes, and those at the high end are comparable to most 802.11 cards. In addition, high-gain directional antennas can extend the range from which a device can be reliably attacked to over one mile. Phones employing J2ME have become more prevalent, and hackers can write custom Bluetooth attack applications for such devices that make it easier to perpetrate attacks at close range inconspicuously. In response to this increasing vulnerability and to recent high profile attacks, Network Chemistry developed BlueScanner to help thwart a wide range of attacks:

--  Information retrieval and theft of service
--  Tracking and surveillance
--  Denial-of-service attacks
--  Rogue access points
--  Reconnaissance and discovery
    
Assessing Vulnerability

The best way to assess an organization's exposure to Bluetooth vulnerability and attacks is to scan the workplace for discoverable devices. BlueScanner, which works with any adapter supported by Microsoft's Windows XP Bluetooth protocol stack, will identify any discoverable devices within range and record all information it can gather from the devices without authenticating with them. This information includes the device's "human friendly" name, unique address, type, time of discovery, time last seen, and any Bluetooth Service Discovery Protocol (SDP) information the device provides.

In addition, BlueScanner users can add location information to any discovered devices simply by specifying a location name before starting a scan. Once the scan starts, BlueScanner tags discovered devices with the name. To prevent information overload, BlueScanner's intuitive user interface allows users to filter devices according to how recently they were last observed, their location, their type, and the specific service they advertise.

Once security or IT personnel locate a Bluetooth device, they can reduce its vulnerability to attack by either turning off the Bluetooth portion of the device or putting it into non-discoverable mode.

Pricing and Availability

BlueScanner is now available at no charge at www.bluescanner.org. Its capabilities are also included in Network Chemistry's award-winning RFprotect™ Mobile, the industry's most complete suite of analysis tools to help design, maintain, and secure wireless networks. As Windows software for laptops, RFprotect Mobile enables on-the-go incident response and portable testing. The suite incorporates a relational database and supports analysis of WLAN activity across three key standards: 802.11b and 802.11g in the 2.4 GHz band and 802.11a in the 5 GHz band.

About Network Chemistry

Network Chemistry provides enterprise-class systems that increase the security and performance of wireless networks and protect business-critical applications. Its award-winning RFprotect system is the industry's first highly scalable wireless intrusion protection system, providing complete detection, assessment, prevention, and auditing of wireless threats and attacks while offering a breakthrough reduction in total cost of ownership. Network Chemistry, founded in 2002, is based in Redwood City, California, and is privately funded by Geneva Venture Partners, Innovacom (the venture arm of France Telecom), and In-Q-Tel (the venture arm of the Central Intelligence Agency). For more information, visit www.networkchemistry.com or call 1-888-952-6477.

All product and company names herein are trademarks of their respective owners.

Contact Information