I have a low level of trust for all things wireless. I'd rather connect my peripherals via cables. But since the Magic Trackpad does not come in a wired version, and my arthritic thumb was making the trackball painful, I'm suddenly using bluetooth. My question: Now that I have Bluetooth turned on in the computer (an iMac running Snow Leopard) is there anything I need to know to prevent the Russian Mafia from driving by and insinuating themselves into my computer?
The Russian mafia will need to get within about 30 ft (10m for Class 2 Bluetooth), so if you can keep them out of your house you will probably be ok.
Also, If I Recall Correctly (IIRC), OS X will ask you before connecting to a Bluetooth device that it hasn't been paired with previously.
Your PIN is key to this process. It controls both pairing and encryption. If you are worried about security, use a longer PIN. Tom
Do you mean my admin password? I am not aware of a PIN. I looked at the Bluetooth and Security tabs and saw no mention of setting up a PIN other than my personal and admin passwords. I don't expect the Russians to park outside my house searching for ways into my computer, but if a virus gets hold of my neighbor's computer and instructs it to look for nearby networks to invade, could it latch onto my Bluetooth? I guess the fact that OS X would ask me for permission keeps me safe. I did uncheck "discoverable."
You're perfectly fine with bluetooth enabled, daniel. As others have said, it has a pretty limited range, which really reduces the risk of anything happening. Further, in order for two devices to really communicate over bluetooth, they have to be paired. Pairing involves inputting a PIN (usually 4 digits) that's displayed on one device (or comes with the devices manual) into the other device, while the devices are discoverable. But just think about the point of most viruses. They're designed to spread and infect other computers as efficiently as possible, with the full knowledge that antivirus software will be updated within weeks (sometimes days) of the virus being released. When your talking globally, a virus can infect thousands of computers per minute using the internet and local networks. One person bringing an infected laptop in to work with them can spread the virus across thousands of computers at their company in minutes, without ever knowing. Now, think about bluetooth. If you want to spread the virus that way... you might get lucky and be able to spread it through a few rooms in an apartment building. Certainly at work most people don't use or need bluetooth, so it wouldn't really spread there. It wouldn't spread through the suburbs due to the distance between houses. So, writing a virus that spreads via bluetooth just isn't worthwhile. That's not to say it will never be done... but I'd be willing to bet there are at least 1000 network-based viruses created for every 1 bluetooth-based virus. It's the same argument for using Mac's. While their security is inherently better than Windows, it's not perfect and people could write viruses for them. The incentive to do that just isn't there though. Windows-based viruses are easier to write and have more chances for infection (given the number of Windows-based computers in the world).
There is a PIN that is used to pair the devices. It controls both the pairing and the encryption of data packets. Some devices allow you to set the PIN, others just give it to you. If you can set it, use at least eight digits. Since you aren't worried about packet sniffing, the strength of encryption is not important to you. Mostly you need to keep an unwanted device from pairing with your system. The standard setup will keep that from happening. If you want to take it to another level, you can turn off discovery, which keeps your device from broadcasting its existence. Tom
Okay. Sounds like I'm safe. I was never queried about a PIN, though. I turned on Bluetooth, turned on the track pad, the computer found the trackpad and I clicked on it. I don't remember if I had to enter my admin name and password. I had to enter those to install the driver software. The PIN was invisible to me. I did turn Discovery off.
Even in the very unlikely event that someone gets in range of your bluetooth, with discovery turned off, it's almost impossible for anyone to tap into it.
Good. Thanks. Anyway, I'm stuck with it if I don't want to go back to the trackball or a mouse, and my arthritic thumb has settled that point.
I was assigned a passcode with my Prius when I tried syncing my BT phone with it. That's the only time I've incountered a BT device needing a pin. When I sync the phone with my laptop (with BT), it automatically connects. Either way, I think it's pretty minimal that the Russian mafia or any lookie loo neighbors will be able to hack anything. The only time you might have real sensitive information is if you're keying in a credit card...with that, I'm sure on my own wireless router using my own encryption. If I'm ever in a hotel or public wifi spot, I might check e-mail, but I never give out my credit card.
Thanks, Dave, Since this is a track pad, I'll never be keying in anything with it. It just moves the cursor, scrolls, clicks, stuff like that. My concern wasn't someone listening in to the pad, it was whether having Bluetooth turned on could in itself be an entry point if my neighbor's lack of security on her Windows PC allowed it to be taken over by a virus. The consensus her seems to be that it could not. I never send credit card info, or log into financial web sites, from public computers, though I sometimes check my email. I do on rare occasions log into my bank while traveling, at a public wi-fi spot, but I assume that the encryption at my computer (the iTouch these days, running Safari) keeps me safe.
