Concerned with Bluetooth marketing security?

A commenter on this blog recently expressed a strong concern about security when offering Bluetooth marketing services in public places. The commenter was concerned that consumers would be inundated with hacker-generated unwanted downloads akin to SPAM, called bluejacking. Along with this is another security concern called bluebugging, where a phone is hijacked to make free calls. An even worse concern is the possibility of a hacker stealing address books or other personal information from a consumer’s phone – which is called bluesnarfing.

Clearly the belts and braces method of preventing any of these occurring is, of course, for you to have your Bluetooth radio turned off on your phone or your discoverability turned off. But honestly, this is the equivalent of telling a PC user that if they are to avoid security problems then they should not connect to the Internet! It’s just not that realistic as good advice now that Bluetooth usage is so widespread, extending even to cars.

The point at issue here is that nobody can ever avoid the possibility of their security being compromised somewhere along the line, as it’s one of the characteristics of living in the 21st century. Moreover, no service provider, standards provider or software author could ever guarantee that their systems are 100% secure. If they did, nobody would believe them. We only need to look at the number of never-ending security patches we receive each month from Microsoft to see that.

Let’s get back to bluejacking, bluebugging and bluesnarfing. I am interested in getting a better understanding of whether they are of real concern in 2009 even though, from Hypertag’s perspective, we have never had an identifiable example of this in all the years of running large Bluetooth marketing campaigns around the world.

When a Bluetooth radio on a mobile phone is turned on, there are two ways a hacker can possibly interact with that phone: through the use of OBEX and through pairing.

OBEX or Object Exchange: This is the Bluetooth mobile phone standard for exchanging business cards, data or even applications and this is the technology that Hypertag uses to download content if the consumer actively decides they wish to accept it onto their mobile phone.

It should be remembered that even if the consumer is highly concerned about security and has their Bluetooth radio on their mobile turned off, they can still safely interact with a Hypertag content server through OBEX.

As they pass near a Hypertag content server, they will see a poster that asks them to “turn on their Bluetooth if they want to download the content on offer.” If they do, they will then receive an image that clearly identifies that they are connected to the Hypertag server and asks “whether they wish to download the content.” Thus the consumer knows where the content is coming from. Once downloaded, the consumer is free to turn their Bluetooth radio off again or make it non-discoverable.

Is it possible for a hacker to be lurking close by ready to spoof the Hypertag content server and hack into a consumer’s phone? Yes, it’s possible but it’s highly unlikely in the real world. One rule of hacking states that the value of the content has to be worth more than the effort required and, to my mind, this just does not pass that test. In any case, according to guidance from the Bluetooth SIG (Bluetooth Special Interest Group), “Phone owners who receive bluejack messages should refuse to add the contacts to their address book.” With nearly all new phones, it is now necessary for the owner to take some action to allow Bluetooth access, so the risk of theft of data or media (or even the ability to push stuff into the phone) must be pretty low.

Bluetooth pairing: Anyone who has used a Bluetooth hands-free earpiece understands pairing. The process is initiated by turning on the mobile phone Bluetooth radio and making it discoverable. The hands-free earpiece then ‘discovers’ the phone and ‘pairs’ with it. A PIN is exchanged and all data traffic is then encrypted between the phone and the earpiece. Once achieved, discoverability is turned off until it is again needed. Hypertag does not use pairing for Bluetooth marketing applications.

Clearly, consumers should NOT ever pair with any device that they are not sure about – especially in a public location. This is plain common sense and will prevent any possibility of bluebugging or bluesnarfing.

The million dollar question – should brand owners, retailers or media agencies be really concerned that a Bluetooth marketing campaign could be hijacked by hackers?

According to the authoritative industry standards body that looks after Bluetooth standards, the Bluetooth SIG:

  • “Only specific older Bluetooth enabled phones are susceptible to bluesnarfing.”
  • “Both Nokia and Sony Ericsson have developed software upgrades for phones vulnerable to bluesnarfing and bluebugging. Both companies have also worked hard to make sure new phones coming to market will not be susceptible to these attacks.”
  • “The Bluetooth SIG continues to study security risks associated with the technology and determine their viability as the technology spreads and develops.”
  • “Theoretically a hacker can monitor and record activities in the frequency spectrum and then use a computer to regenerate the PIN codes being exchanged. This requires specially built hardware and thorough knowledge of Bluetooth systems.” “This is an academic analysis of Bluetooth security. What this analysis outlines is possible, but it is highly unlikely for a normal user to ever encounter such an attack.”

We agree with these observations and my personal view is that the occurrence of Bluetooth hacking of any sort is only a remote possibility. Hypertag’s experience to date confirms this. Of course it is possible, but I believe it’s far more possible that I could download spyware through my PC browser than come across a Bluetooth hacker; however, we should all remain alert to the possibility.

Googling the Internet looking for up-to-date concerns about bluesnarfing seems to only turn up articles dating from the early days of the Bluetooth standard. Yes, we should always be concerned about security issues when providing any sort of public communication system, but we believe that the benefits of implementing Bluetooth marketing campaigns far outweigh the risk of bluejacking or bluesnarfing – until we’re proved wrong. In that case, we will update our technology to address the issue.

Chris Gare

A summer’s walk through Lathkill Dale…


A few weekends ago I was in the Peak District enjoying the summer weather. We decided to walk through Lathkill Dale from Over Haddon to Monyash as the weather was hot, and we heard the orchids were out.

Hypertag provides Natural England via the Peak Experience organisation with Proximity technology (otherwise known as ‘Bluetooth Marketing’) for Lathkill Dale. This is a pilot which we hope will be extended, and ultimately rolled out amongst other rural locations under Natural England’s remit.

The premise is how do you put information in the hands of the walkers to help them get more out of their walk? The use of mobile phones is the perfect solution as you can compress a huge amount of information into a mobile Java Application, and structure that information so that the walker can access what they need quickly and easily. This offers much wider possibilities than would be available with just the static signs or via leaflets that could be distributed.

At Lathkill Dale, Hypertags powered either by ultra long life batteries or a solar panel (in the case of a single Hypertag) allow the walker to download the information to their phone as they walk past five points of interest.

Each point is clearly marked with a Nature Bytes sign, and gives out a different piece of content, from the core Peak Experience application to the sounds of birds the walker will hear as they walk through the Dale, to photos of butterflies they are likely to encounter.

Be sure to look out for the Nature Bytes signs this summer if you are out and about in the Peak District.

Jonathan Morgan

File format error! – A Story from a British Music Festival….


Bluetooth Marketing campaigns can sometimes go wrong in a big way. You go to the free phone charging station and see an opportunity to download a free GIG guide on your phone. “Great,” you think, “just what I need,” so you fumble around your new Samsung phone trying to find out how to switch the Bluetooth on (not being one of the 25% of people in the UK who now have it permanently switched on. How could you? On your last phone it killed the battery!)

Finally, you get the Bluetooth switched on and wait to receive the promised Festival GIG guide. You wait. You wait. Then if you are lucky you are asked for a pin code, even luckier – you may know it.

Then full of anticipation, instead of the GIG guide you get a File Format Error Message! Not I imagine the great consumer experience the sponsoring brand planned you to have – and SO unnecessary.

This experience can be avoided in lots of ways, for example by employing accurate device detection software on the proximity device; by using up-to-date handset functionality and phone fingerprint databases; by providing backup content (MP3 clips, videos, animations etc) for handsets NOT able to receive Java applications over Bluetooth and by providing clear instructions for music fans telling them what to do and what to expect.

It could have been worse…

Some providers don’t care about the consumer experience, as a matter of policy! They believe that if handsets cannot receive content over more than 10 – 15 meters, tough on fans, “it’s free – what have they got to complain about!” They’ll offer the content over 100m anyway and leave music fans disappointed when fans can’t download to their handset, in the full knowledge that there is no way that handsets can receive content over this distance. Shocking but true!

Elaine Haines

Why you should use a quality Bluetooth marketing provider? (Part 2)


Following on from Part 1 of this post, I would now like to look at some more issues that separate quality Bluetooth marketing providers from budget ones.

More content types can be downloaded

Budget providers often offer the ability to send out only one type of content or a very limited set of content. Hypertag and other quality providers allow customers to run campaigns from the simple through to the very complex. Indeed, bespoke campaigns that have never been run before can be created from scratch to meet the exacting requirements of individual brands. That can’t be done with a budget system that only has a simple interface supplied on a CD. Delivering complex campaigns needs an advanced content server that underpins the system and the technical knowledge and understanding to know how best to deploy it.

Spending less

If you want to run a campaign with more than one Bluetooth content server (we call these ‘Hypertags’), it will often be cheaper to use a quality supplier like Hypertag. Hypertag’s expertise lies in its internally-developed software. This software can be updated and campaigns managed remotely, which means as new features are added, you benefit straight away. As technology develops, you don’t have to buy another Bluetooth content server because the server can be upgraded with new features automatically. In essence you are future-proofing your investment.

Benchmarking

Hypertag has stored all the statistics from all of the campaigns it has run over the last seven years from around the world. This means it can advise you how to deploy the campaign for best success because it knows what works – and of course what doesn’t. A budget Bluetooth marketing provider will not have central usage monitoring and therefore each ‘campaign’ has to be deployed in isolation from every other one with no cross-over learning possible. What’s the point in saving a few pounds on the equipment if it’s going to be wasted? Isn’t it better to use equipment where at least you will know whether your campaign was successful, and how you could improve it for next time?

Experience and advice

Plugging in a budget Bluetooth content server and hoping for the best is no way to achieve great results. If all you want to do is prove you can send content over Bluetooth, use a laptop. If you want to use a Bluetooth server to achieve a really effective campaign, you need to work with a quality provider. Frankly, the technology is the straightforward bit. The clever bit is in knowing how to use it to achieve the results you need.

Increase retail sales by 40%; Hypertag knows how to do it. Increase conversion through online sales by 40%; Hypertag knows how to do it. Want to pick up subscribers to your online news service; Hypertag knows how to do it. Want to build a database, activate your sponsorship, create some buzz; Hypertag knows how to use the technology and is able to advise you how to deploy the technology in your environment to have great results. It knows this because, unlike many providers, it has direct involvement in every campaign, meaning it learns what does and doesn’t work from every campaign that runs on its servers. This leads to a dramatically shorter learning curve for you and less money spent to achieve the best results.

Service

The final reason you should consider a quality provider like Hypertag is service. It’s all well and good buying your Budget Bluetooth box off the Internet, but what happens when it doesn’t quite work like you hoped? Who do you phone? Where do you go for help? Hypertag thinks that it’s important to have someone you could talk to – an expert who knows what they are doing. With Hypertag you have that 24/7 if you need it. No matter where in the world you are, what you are trying to do, if you can get to your phone, we are here to help.

Bluetooth marketing is new and it’s not as easy to achieve a successful campaign as you might think. If you want to make the best of your campaign, you are going to have questions, and you want someone to be available with answers that are relevant to you.

So what’s the bottom line?

If you have £75 ($100) and you want to prove content can be sent to a phone over Bluetooth, place that £75 back in your pocket, find a computer with Bluetooth and go for it.

If you want to really achieve success with a Bluetooth marketing campaign, pick up the phone, or reach for your computer, and get in touch with me (Jonathan), Elaine, Liz, Graham or anyone else at Hypertag and we can start to help you achieve great results from one of the most powerful and accountable marketing methods available today.

Of course you could also approach one of our quality competitors, but of course we hope that you don’t!

Jonathan Morgan
