
02-10-2004, 05:00 PM
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
Bluetooth Phones Vulnerable to Snarfing
http://news.zdnet.co.uk/communications/wireless/0,39020348,39145881,00.htm
I thought this would be of interest since a lot of us carry a Bluetooth phone to enable mobile wireless access with our PDAs and even laptops. "A serious Bluetooth security vulnerability allows mobile phone users' contact books to be stolen. You've heard of bluejacking - now meet 'bluesnarfing.' A security flaw has been discovered in Bluetooth that lets an attacker download all contact details along with other information from a vulnerable phone, while leaving no trace of the attack. Bluesnarfing is said to affect a number of Sony Ericsson, Ericsson and Nokia handsets, but some models are at greater risk because they invite attack even when in 'invisible mode' -- in which the handset is not supposed to broadcast its identity and should refuse connections from other Bluetooth devices."
Nice. :roll: The Nokia 6310, 6310i, 8910 and 8910i models are at greatest risk, so I'm glad my 3650 isn't on that hot list, but I still don't feel real safe. There is more detailed information here. I feel a Bluetooth rant coming on... :grinning devil:

02-10-2004, 05:20 PM
Intellectual
Join Date: Jul 2003
Posts: 176
Bear in mind Bluesnarfing is still in the 'theoretical' stage and not likely to happen in a real-world environment at the moment.
Iain.

02-10-2004, 05:32 PM
Intellectual
Join Date: Jun 2002
Posts: 155
After reading the ZDNet article, it sounds like you would have to modify your BT stack (i.e. a custom program) to do this "SNARF".
I am sure that this "SNARF" attack is valid in theory, but having to modify the BT stack keeps this out of the hands of the average person. (I would guess)
From ZDNet...
"he can initiate a bluesnarfing attack from his laptop after making a modification to its Bluetooth settings: "It is a standard Bluetooth-enabled laptop and the only special bit is the software I am using in the Bluetooth stack. I have modified the Bluetooth stack and that enables me to perform this attack," he said."

02-10-2004, 05:44 PM
Editor Emeritus
Join Date: Sep 2006
Posts: 3,060
So, here's how I use Bluetooth...
I initially pair my phone with my Pocket PC. After the pairing and settings are made, I never set my phone to be "discoverable."
I can't tell from the article whether I'm still vulnerable.

02-10-2004, 05:51 PM
Intellectual
Join Date: Jul 2003
Posts: 120
There was another article on c|net which has some quotes from Nokia: "Nokia: Bluetooth flaw gnaws at phone security"
This all stems from AL Digital's Bluetooth Security report published last year, although TDK responded to this report pointing out some shortcomings in their claims, although this was also replied to by AL Digital... and there it was left until now...
No technical details have been given, and there are quotes like "if an attacker had physical access to a 7650..." - if an attacker had physical access to a 7650 as the TDK response outlines - they could as easily nick it... or quickly do a standard pairing and set auto connection...

02-10-2004, 07:37 PM
Oracle
Join Date: Aug 2006
Posts: 841
This was news five months ago (I even posted an article on Geekzone then), and then people discarded this as a theoretical vulnerability.
I guess that ZDNet is a little slow in the news and decided to post old things?

02-10-2004, 07:38 PM
Thinker
Join Date: Aug 2006
Posts: 330
I wonder if the Orange E200 is affected.
Mind you the E200 won't talk to my HP iPAQ 2210.

02-10-2004, 07:48 PM
Sage
Join Date: Mar 2004
Posts: 734
I'm not the least bit worried. In fact, tomorrow I'm going to buy a Bluetooth-enabled phone - a Sony-Ericsson T610.
The reason I'm not worried is because
a) I don't keep any numbers in my phone to begin with
b) It's off most of the time anyway
c) The person stealing my phonebook would have to be within a ten meter radius of me, toting a laptop.

02-10-2004, 08:17 PM
Intellectual
Join Date: Feb 2004
Posts: 123
Snarf
I'm not sure this is such a serious problem. I'm all for security, but when security begins to hurt the user experience of a product, it's time to put usability and security on a balance and make a decision. In the case of Bluetooth, setup is often a nightmare because somebody made it adamant that Bluetooth be secure.
I believe Bluetooth should have been 100% non-secure in order to be brain-dead simple to operate. Those people with confidential information can look for application-level encryption to protect their data.
So, I hope these security concerns aren't going to further negatively impact the usability of BT.
My 1/2 cent.

02-10-2004, 10:01 PM
Ponderer
Join Date: Feb 2002
Posts: 80
serious problem or not...
Can anyone think of a major technology invented in the last 5 years that's a worse botch-job than Bluetooth? I awaited it with such anticipation, and now as far as I'm concerned, it's worthless, nearly useless, and unlikely to ever provide the capabilities I was hoping for it to provide.