iTunes and BlueTooth: the Potential for a Major Boo-Boo
InternetNews reports that Cingular will be offering iTunes on a Motorola Phone:
|Apple is set to announce a Cingular mobile phone loaded with special iTunes software, Ovum analyst Roger Entner confirmed...
Motorola and Apple initially announced the phone partnership in July 2004. The plan is to let people transfer songs from the iTunes jukebox on the PC or Mac to Motorola handsets via a USB or Bluetooth connection, as well as to buy songs directly over the air from the iTunes Music Store...
Why did I highlight the word BlueTooth?
Bruce Schneier notes:
|Sure, it's annoying, but worse, there are serious security risks. Don't believe this:
Furthermore, there is no risk of downloading viruses or other malware to the phone, says O'Regan: "We don't send applications or executable code." The system uses the phone's native download interface so they should be able to see the kind of file they are downloading before accepting it, he adds.
This company might not send executable code, but someone else certainly could. And what percentage of people who use Bluetooth phones can recognize "the kind of file they are downloading"?
We've already seen two ways to steal data from Bluetooth devices. And we know that more and more sensitive data is being stored on these small devices, increasing the risk. This is almost certainly another avenue for attack.
Unless these phones are shipped with (a) BlueTooth disabled by default; and (b) the ability to patch BT-firmware, I think I'd take a rain-check. As President Reagan used to say, "Trust, but verify."
I'd want to be sure about BT support in any phone, especially a leading-edge, iTunes-enabled one.