Blackberry PRD-09695-004 Security Guide - Page 7

BlackBerry Smart Card Reader 7 • prevent Bluetooth enabled BlackBerry devices from sending or receiving address book information over a Bluetooth connection • prevent Bluetooth enabled BlackBerry devices from making phone calls See the Policy Reference Guide for more information. Restricting Bluetooth technology on the computer On a Bluetooth enabled computer, when a Bluetooth wireless adaptor exists and is turned on, the computer also installs Bluetooth drivers (and a personal area networking device, optionally) for that wireless transceiver. To prevent users without administrator privileges, and external Bluetooth devices other than the BlackBerry Smart Card Reader from using the Bluetooth technology installed on the computer, you or BlackBerry Smart Card Reader users with administrator privileges can restrict the availability of the Bluetooth technology on the computer. See Restricting Bluetooth technology on Bluetooth enabled computers BlackBerry Smart Card Reader Technical Overview for more information about restricting Bluetooth technology on computers in your organization. Bluetooth security measures on the BlackBerry Smart Card Reader The following security methods on the BlackBerry Smart Card Reader enhance the existing protection of the Bluetooth wireless technology on Bluetooth enabled BlackBerry devices. Security method Limited use of discoverable mode Limited use of serial port profiles Use of Bluetooth pairing process to help prevent passive attack Control of the Bluetooth range Description When the user starts the Bluetooth connection process between the BlackBerry Smart Card Reader and the Bluetooth enabled BlackBerry device or computer, the BlackBerry Smart Card Reader enters into discoverable mode long enough for the BlackBerry device or computer to search for the BlackBerry Smart Card Reader and pair with it. The BlackBerry Smart Card Reader is designed to enter into discoverable mode whenever it displays the reader ID and its LED is solid green. The BlackBerry Smart Card Reader uses the Bluetooth Serial Port Profile only, allowing you to use application control to shut down all the other profiles and prevent third-party applications from using the BlackBerry Smart Card Reader. During the Bluetooth pairing process, the BlackBerry Smart Card Reader uses a random key (unlike the hard-coded keys that headsets and other Bluetooth enabled devices use). Users always start the Bluetooth pairing process from their BlackBerry devices or computers. If a message prompts users to type a pairing password when they did not start a pairing process, they know that another device, which they might not want to connect to, started the pairing process. The Bluetooth pairing process is designed to help prevent a passive attack in which a user with malicious intent tries to search for the BlackBerry device PIN. You can use the Maximum Bluetooth Range IT policy rule to control the power level of the Bluetooth wireless transceiver on the BlackBerry Smart Card Reader. Setting the power level also controls the range of proximity between the BlackBerry Smart Card Reader and the BlackBerry device at which the two parties close the Bluetooth connection between them. The range value does not translate to a specific distance because the Bluetooth range is partially determined by the power level. The range value is also heavily influenced by environmental factors, including obstructions and electromagnetic radiation. As a general rule, the Bluetooth range at power setting n+1 is longer than the range at power setting n. www.blackberry.com