An Oscar Surprise: Vulnerable Phones

[Kris Kumar]

http://www.nytimes.com/2005/03/02/movies/oscars/02leak.html

"Three employees of the company, Flexilis, founded two years ago by four University of Southern California students, positioned themselves in the crowd of more than 1,000 people watching celebrities arrive at the Kodak Theater. John Hering, one of the company's founders, wore a backpack in which he had placed a laptop computer with scanning software and a powerful antenna. ... The Flexilis team said their concern was not with Bluetooth itself, which contains adequate security protection, but with the way the technology has been used by many manufacturers. "We're attempting to raise the level of security in the wireless world to the same standard that is now expected in the wired world," Mr. Hering said."


Photograph by Jim Wilson/The New York Times

The New York Times article [free registration required] seems to have confused the recent T-Mobile network hack with the Bluetooth vulnerability, that was being exposed by Flexilis team. The article does highlight a good point, that Bluetooth protocol on its own does not have any holes, but its implementation by the various phone vendors is not perfect. Wish the article elaborated on what kind of weakness the Flexilis team was looking for. :? The only one I can think of is leaving the Bluetooth on the phone in discoverable mode. But before anyone can access the data on my phone, I will have to accept the incoming request on my phone? Am I missing something?

[Kris Kumar]

http://www.nytimes.com/2005/03/02/movies/oscars/02leak.html

"Three employees of the company, Flexilis, founded two years ago by four University of Southern California students, positioned themselves in the crowd of more than 1,000 people watching celebrities arrive at the Kodak Theater. John Hering, one of the company's founders, wore a backpack in which he had placed a laptop computer with scanning software and a powerful antenna. ... The Flexilis team said their concern was not with Bluetooth itself, which contains adequate security protection, but with the way the technology has been used by many manufacturers. "We're attempting to raise the level of security in the wireless world to the same standard that is now expected in the wired world," Mr. Hering said."


Photograph by Jim Wilson/The New York Times

The New York Times article [free registration required] seems to have confused the recent T-Mobile network hack with the Bluetooth vulnerability, that was being exposed by Flexilis team. The article does highlight a good point, that Bluetooth protocol on its own does not have any holes, but its implementation by the various phone vendors is not perfect. Wish the article elaborated on what kind of weakness the Flexilis team was looking for. :? The only one I can think of is leaving the Bluetooth on the phone in discoverable mode. But before anyone can access the data on my phone, I will have to accept the incoming request on my phone? Am I missing something?

[freitasm]

Very short comment: the linked article is just spreading FUD (Fear, Uncertainty, Doubt).

[Mike Temporale]

Quote:

Originally Posted by freitasm

Very short comment: the linked article is just spreading FUD (Fear, Uncertainty, Doubt).

While there are a great number of errors and generalizations in the article, I do think it's rather interesting thing to study - Even if it doesn't effect Windows Mobile users, yet.

[manywhere]

Makes me think of this Guardian FUD article on how hacking Paris Hilton's Sidekick was done over Bluetooth:

Quote:

Originally Posted by The guardian

It may not help Paris in her current phonebook-less state, but she seems to have fallen victim to the latest trend in hacking; blue-snarfing. In recent months, there has been increasing concern over the phenomenon, which, simply put, means using wireless Bluetooth technology used to connect phones to headsets, laptops and other gadgets to get access to people's private data by the back door.

Read more here: http://www.guardian.co.uk/online/new...423271,00.html

Source: http://www.pocketpctools.com/modules...icle&sid2=1610

[vincenzosi]

It is absolutely astonishing how little research has gone into the stories floating around the web with regards to people and their phones. I guess the whole "radiation is gonna fry your brain" angle isn't generating the buzz they had hoped, so now they're going to pitch that some pimply-faced kid is gonna hack your phone, steal your data, and make off with your wife.

Consider the Fred Durst story. When the porno of him broke, initially the report was "Fred Durst's sidekick hacked also! Exclusive video, blah blah blah."

Unfortunately, they forgot (or didn't bother to check) that the Sidekick doesn't even take video!

Privacy concerns are big with americans lately, and it seems like every scummy news outlet (including the New York Times and the Guardian) are trying to get as much mileage out of it as possible. I'm sure someone read that article and went "Oh man, I just knew it!" then moved back into his foil-lined apartment and disconnected all his phones.

[Kris Kumar]

Quote:

Originally Posted by vincenzosi

... I'm sure someone read that article and went "Oh man, I just knew it!" then moved back into his foil-lined apartment and disconnected all his phones.

:rotfl: