We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


What are the key features Auditors are looking for in a Bluetooth Audit?

awakenings asked
Medium Priority
Last Modified: 2010-04-11
I recently did a quick bluetooth audit of our organization.  I wanted to find out what are the important aspects of bluetooth.  What kind of ID information do they have?  What kinds of things are auditors looking for in reports about bluetooth auditing?
Watch Question

With the increasing prevalence of BT and small-form factor devices in the enterprise, this is a growing area of interest for me as well.

The kinds of things auditors are looking for:

1) Use Policy  - re: use of devices (SFF, BT, cell phones, PDAs, phones w/ cameras in high security areas should all be covered).

2) Device Policies - Data classification and minimum security (hardening, encryption, logging) device must support for more sensitive types of data

3) Auditing/Logging - who accessed the data, what was the data, at what time

And of course, alot of this is best effort only, as some device tracking will not be possible outside a great amount of expense/effort.

This is a just a general post to your questions. If you're looking for more of the nitty-gritty, I can get some actual auditing questions/checklists to you.

Also, here's a link: Bluetooth Security Review, Part 1, http://www.securityfocus.com/infocus/1830


I just upped the points because I am looking for more than what you provided.  I'll give you points for that.

You did hit on some things I wasn't looking for that we have covered - Use Policy, Device Policy for example.

From reading the article, it sounds like I should find  Redfang -- which seems to have dissapeared on my initial google searches.  I used bluesniff in my wireless audit, but I have no idea what I am looking for.  From the article it sounds like maybe MAC address and maybe if the device is hidden or not.
    In the wireless world, it is a bit easier for me because I am more familiar with the technology.  It has SSID, signal strength, signal to noise ratio, etc.  Do you have any specifics you would recommend?



Read up on RedFang and I think you'll agree as a auditing/pentest tool it's still very proof-of-concept.

Redfang download

Bluesnarfer w/ links to snarf attack howtos

Of course, I don't know the nature of the data you're trying to protect (i.e., compliance requirements, sensitivity), but I would begin with the basics:

1) Look for discoverable devices
2) Next, do these devices accept file transfers (FTRN)

Here's more info on a SANS diary: Bluetooth Auditing

That's all I've got for now. Maybe someone else can chime in.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.