Nokia Admits Multiple Bluetooth Security Holes

timothy posted more than 10 years ago | from the oops dept.

Security 136

An anonymous reader writes "Nokia has admitted that four of its handsets (6310, 6310i, 8910 and 8910i) have multiple security vulnerabilities that can allow an attacker to read, edit and copy the contacts and calendar entries using Bluetooth. This admission comes after a ZDNet UK article published earlier today. The spokesperson advises customers to switch off Bluetooth in public places!" For more information, see the bluesnarfing site pointed out by reader profet.

136 comments

DARLIN' GOATSE (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8236161)

I knew a guy named goatse
I guess you could say he was a sex fiend
I met him in a hotel lobby
Masturbating with a magazine
He said how'd you like to waste some time
And I could not resist when I saw little goatse grind

He took me to his castle
And I just couldn't believe my eyes
He had so many devices
Everything that money could buy
He said sign your name on the dotted line
The lights went out
And goatse started to grind

The castle started spinning
Or maybe it was my brain
I can't tell you what he did to me
But my body will never be the same
His lovin' will kick your behind
Oh, he'll show you no mercy
But he'll sho'nuff sho'nuff show you how to grind

Darlin' goatse

Woke up the next morning
Goatse wasn't there
I looked all over and all I found
Was a phone number on the stairs
It said thank you for a funky time
Call me up whenever you want to grind

Re:DARLIN' GOATSE (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8236174)

Don't worry. The authorities should have no problem tracking down Goatse by the phone number he gave you. But you must tell the police exactly what happened! Don't miss any details, they might be important! You have to be very strong now, I wish you all the best for your future.

Nokia Admitting Something (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8236163)

Nokia Admitting Something. What is it all about... is it good, or is it whack?

Wake up Americunts, it's too easy to get FP!

Re:Nokia Admitting Something (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8236181)

Suck it you german dumbass.

Re:Nokia Admitting Something (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8236193)

I'm Swiss, you disgusting little pile of crap!

I SPEAK OF SCIENCE!!!! (-1)

L.Torvalds (548450) | more than 10 years ago | (#8236208)

The Swiss are, without a doubt, among the gayest people in the world. This has been proven by SCIENCE!

Re:I SPEAK OF SCIENCE!!!! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8236241)

Yeah, dwarfed only by the fat, dick loving, shit eating, hairy midget porn consuming Americunts.

YUO = PWNED BY TEH AMERICA OLOLOL YFI EUROFAG (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8236182)

Great ! (5, Funny)

mpeeters (58550) | more than 10 years ago | (#8236172)

Great, not a single Mac OS X app can correctly address my 6310i, but Joe Random Hacker can? Urgh. I need to get my priorities straight.

Re:Great ! (4, Informative)

Grounded0 (703575) | more than 10 years ago | (#8236243)

Go in to System Preferences, click Bluetooth applet, check "Support Non-Conforming Phones".

Re:Great ! (3, Informative)

singleantler (212067) | more than 10 years ago | (#8237550)

While I can use my 6310i as a modem for my Mac with no problems, I can't access the phone book in it, which is highly annoying, and using 'Support non-conforming phones' hasn't made any difference to that.

It's a shame - this is something the Sony/Ericsson phones do very well, but I still prefer Nokias overall (mainly because of their interface.)

bluejacking (1, Interesting)

martin (1336) | more than 10 years ago | (#8236173)

Old news. The concept of hijacking bluetooth links was first mentioned here [slashdot.org] back in November.

But I guess Nokia finally admitting they have an issue is interesting. I wonder what the other Bluetooth capable device manufacturers do about this???

Re:bluejacking (4, Informative)

DJPenguin (17736) | more than 10 years ago | (#8236205)

Bluejacking is just where you send a contact to available phones, and it's just used to startle people. This is nothing to do with bluesnarfing which is the hacking/changing data!

Re:bluejacking (2, Informative)

MrvFD (711808) | more than 10 years ago | (#8236253)

According to this article [digitoday.fi] (in Finnish) Sony Ericsson is going to give a statement on Tuesday. Possible vulnerable SE models include R520m, T68i, T610 and Z1010.

Re:bluejacking (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8236298)

Yeah, right. And according to this article [slashdot.jp] (in Japanese), your mother's a whore.

Re:bluejacking (1)

MrvFD (711808) | more than 10 years ago | (#8236373)

I'm not very good in Japanese, but can understand enough words to see that that's not the point of the article. Maybe your language skills are a bit lacking?

Bluetooth? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8236175)

Here's a dysphemism for you: POO TOOTH
Thanks
- #Teens4Christ

No big deal (4, Insightful)

cwernli (18353) | more than 10 years ago | (#8236176)

What's happening with Bluetooth happened with wireless networks.

What happened with wireless networks happened with anonymous ftp servers.

What happened with anon ftp servers happened with telnet access (you remember the "guest" login provided by most hosts ?).

Every time a new technology is used there are some flaws with it. No big deal.

Do you realize (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8236214)

That you didn't actually say anything meaningful in your post? Please stop posting.

Re:No big deal (5, Insightful)

pesc (147035) | more than 10 years ago | (#8236260)

> What's happening with Bluetooth happened with wireless networks.
> What happened with wireless networks happened with anonymous ftp servers.
> What happened with anon ftp servers happened with telnet access (you remember the "guest" login provided by most hosts ?).
> Every time a new technology is used there are some flaws with it. No big deal.

BIG DEAL!

You could expect that someone that designs a new communication protocol today builds on past experience. It's not like viruses, spam, malware and crackers are something unknown. Instead, you should make the security requirements absolutely central in your new protocols. With the bluetooth technology becoming the most widespread wireless communications protocol (if you believe its proponents) not having security as a top priority is absofuckinglutely brainlessly idiotical.

Re:No big deal (5, Insightful)

infiniti99 (219973) | more than 10 years ago | (#8236310)

Just to clarify, this article is about a problem in Nokia's implementation of Bluetooth, not necessarily a problem in the actual Bluetooth protocol/specification. As an analogy, we hear about security holes in IIS, Apache, OpenSSL, etc, but these do not necessarily indicate problems in the relevant RFC documents. At least, we can hope so ...

Re:No big deal (4, Informative)

hanssprudel (323035) | more than 10 years ago | (#8236436)

There are problems with Bluetooth by design. For one thing, no wireless protocol for interaction between devices can be truly secure unless peering requires physical contact between them (I place my phone next to my laptop, but the spook across the street has a directed antenna that is a thousand times stronger than the phone...)

It isn't like this hasn't come up before, Schneier predicted that Bluetooth would be a security nightmare three and a half years ago [schneier.com] ! Quoting:

> What amazes me is the dearth of information about the security of this protocol. I'm sure someone has thought about it, a team designed some security into Bluetooth, and that those designers believe it to be secure. But has anyone reputable examined the protocol? Is the implementation known to be correct? Are there any programming errors? If Bluetooth is secure, it will be the first time ever that a major protocol has been released without any security flaws. I'm not optimistic.
>
> And what about privacy? Bluetooth devices regularly broadcast a unique ID. Can that be used to track someone's movements?
>
> The stampede towards Bluetooth continues unawares. Expect all sorts of vulnerabilities, patches, workarounds, spin control, and the like. And treat Bluetooth as a broadcast protocol, because that's what it is.

Re:No big deal (2, Informative)

Anonymous Coward | more than 10 years ago | (#8237852)

There is a shared pin code which is entered into both devices. If this pin code is short, as it typically is for low-security applications, then you have a point.

What's important, though, is that a shared key is negotiated without being sent over the wire. It may be possible to brute-force the pin with data captured from the initial authentication run, or there might be an attack against the key generation or encryption, but the "physical connection" you claim is required is only one way of ensuring that authentication data isn't sent over the radio channel.

Re:No big deal (1)

gl4ss (559668) | more than 10 years ago | (#8236519)

..and the 4 handhelds also are of the phones that have the crappiest bluetooth there is, not surprisingly being first (or nearly first) on the market as well.

Re:No big deal (1)

lightspawn (155347) | more than 10 years ago | (#8237682)

> Just to clarify, this article is about a problem in Nokia's implementation of Bluetooth, not necessarily a problem in the actual Bluetooth protocol/specification. As an analogy, we hear about security holes in IIS, Apache, OpenSSL, etc

Oh, in that case, I know this one: it's the users' fault for not constantly monitoring the problems discovered in every software package they use and failing to update their systems, right?

At least that seems to be the typical slashdot attitude - we love keeping track of software, so should everybody else.

Kind of makes you glad recalls of non-software products don't work the same way.

Re:No big deal (0)

Anonymous Coward | more than 10 years ago | (#8237827)

You aren't distinguishing between design flaws, implementation flaws and configuration flaws. This is a crucial difference.

Bluetooth and anon ftp suffer from implementation flaws.

Wireless networks suffered (and still suffer) from design flaws.

A guest login is a configuration (or policy) flaw.

Implementation flaws are acceptable in new technology, especially in software where it can be patched quickly. Configuration flaws aren't really related to the technology. Design flaws are serious problems.

Important note: (-1, Redundant)

Sheetrock (152993) | more than 10 years ago | (#8236180)

If you get the phone with all the fancy gadgets, you're leaving yourself open to stuff like this. Maybe it's smarter to get a cellphone and a PDA rather than a miniaturized supercomputer?

Although most people would be better off without cellphones entirely.

Re:Important note: (4, Funny)

grazzy (56382) | more than 10 years ago | (#8236203)

most people would probably be better off without the wheel.. but try telling them..

Re:Important note: (-1, Offtopic)

cozziewozzie (344246) | more than 10 years ago | (#8236287)

Mobile phones are great. Sure, you don't need all the fancy 3d-games and some ridiculous functionality, but they're very useful for a number of things:

- phone/address books
- alarm clock (for when you're travelling)
- calendar
- reading email on the go

All this in a very small device which still fulfills its primary purpose: making phone calls. In many European countries, you can also use phones to:

- pay for parking (convenient!)
- get the timetable for the next bus connection
- get the cinema programme per SMS...

Of course, if you start using the web, there's plenty more that you can do. For most of these things, a PDA would have to use your mobile anyway, so there's no need for buying an extra device. Mobiles are cool, get over it.

Re:Important note: (1)

oshy (674602) | more than 10 years ago | (#8236353)

Well I could carry:

pocket phone book
diary
electronic game
alarm clock
laptop for connecting to the net

any other odds and sods, but if they are all in one thing, it's lighter on my pockets.

Hey, do you want.... (4, Funny)

lofoforabr (751004) | more than 10 years ago | (#8236186)

a fresh list of emai^H^H^H^H telephone numbers so you can send your email marketing to?

K.I.S.S (3, Interesting)

OlivierB (709839) | more than 10 years ago | (#8236188)

Keep It Simple Stupid. Phones are tools. We don't "need" them to be fully featured akin to a full OS. Today we have Bluetooth holes in a few phones. What's next tomorrow on MSFT Smart Phones? Hackers turning in using your line to call 0900 numbers? People hacking your e-wallet? When it comes to commodity devices we should make sure they do reliably and securely work. I don't expect anything less.

Re:K.I.S.S (1)

Viol8 (599362) | more than 10 years ago | (#8236246)

Most people would probably agree with you. I certainly do, but try telling this to the droids in these companies' marketing departments where the mantra "complexity = good" is chanted on a daily basis.

Re:K.I.S.S (2, Insightful)

OlivierB (709839) | more than 10 years ago | (#8236292)

Think about the damages on windows PCs. Users are advised to keep their machines up to date and yet a significant proportion of them do not listen (want proof? Mydoom is now in version C and still taking hits at MSFT's website). Now how many of you have updated your phone's firmware? Think about all those non PDA phones which don't come with a PC connection Kit. All these Nokia phones WILL remain vulnerable for as long as they will work because hardly anybody hassles to go in a Nokia centre to upgrade their firmware. I stand by my original statement. Commodity electronics are not meant to be upgraded as computers and users will not give them that kind of attention. With the advent of GPRS and other always on Data connection, be prepared for some more trouble as people hack into your phone from miles away. No need to be in bluetooth range.

Re:K.I.S.S (4, Insightful)

little_fluffy_clouds (441841) | more than 10 years ago | (#8236530)

> Think about the damages on windows PCs. Users are advised to keep their machines up to date and yet a significant proportion of them do not listen (want proof? Mydoom is now in version C and still taking hits at MSFT's website).

Your comparison with "their machines" and the phone firmware (essentially this is the phone "OS"), makes me think you believe that Windows Update can defeat MyDoom.

Actually, MyDoom has fuck all to do with keeping your Windows PC up to date. It is about keeping your _virus_ scanning up to date, and not running attachments that make it through to you. I could have just run and completed Windows Update, but still be infected with MyDoom via the very next email I received and (stupidly) ran the attachment of. Remember, virus scanning is NOT part of the Windows OS, it is something that must be loaded and configured and paid for (usually, unless you go with grisoft or similar).

Your point would be a lot better made if you referred to something like the Blaster or Nachi worm, where the fix was available via Windows Update for several weeks.

Re:K.I.S.S (1)

TheDigitalRaven (749023) | more than 10 years ago | (#8236307)

> mantra "complexity = good"
The actual mantra is "If it ain't broke, add more features." This time, they managed to reach critical mass.

Re:K.I.S.S (3, Informative)

Anonymous Coward | more than 10 years ago | (#8236344)

Actually if you are kind of loose in what you term an OS, many Symbian devices run basically 3 OS at the same time.

Application platform, misc. servers & UI apps (UIQ, Series 60, ...)

Symbian OS (kernel, middleware)

Some sort of Manufacturer RTOS for running a GSM stack, for which Symbian doesn't quite cut it.

These devices are far from simple. Given what you can do on this size of device, I wonder why someone doesn't make a solid state PC, with a few seconds boot time, and no noise. Wireless keyboard, monitor, mouse and LAN. (I don't mean a laptop).

I think the thing you mentioned (running up someone's bill, on 0900 numbers, or otherwise) has already happened long ago, but by faking the SIM. I think the original GSMs had a fairly large security flaw related to the encryption key.

Or you could just steal someone's phone ;)

Re:K.I.S.S (1)

cozziewozzie (344246) | more than 10 years ago | (#8236364)

If you don't need these features, then this phone is not meant for you. There are people who do. You, on the other hand, are in luck, because you can get one of the turbo-cheap models that does nothing but voice and SMS.

Re:K.I.S.S (1)

neko9 (743554) | more than 10 years ago | (#8236862)

can you name some models, please. i'm very interested.

Re:K.I.S.S (1)

cozziewozzie (344246) | more than 10 years ago | (#8237906)

Look for a used one. You can usually get them for almost nothing and they're quite basic. Something like Siemens C25 or Nokia 3210. If you're looking for a new one, each manufacturer has a low-price model. Examples are Siemens A-class, Nokia 3xxx. Not too familiar with other brands' cheap models, sorry.

These are European, so they might not be available in the Americas.

Re:K.I.S.S (1)

Threni (635302) | more than 10 years ago | (#8236474)

> Phones are tools

Phones are phones. Anything else you care to say about them, in terms of what they should/could or shouldn't do are just your opinions. My phone lets me do a number of things in addition to making and receiving phone calls, but it could do more. People like you remind me of people making predictions that `text messaging will never take off - why type a message on a fiddly keyboard when you can just phone them?`. How many millions of text messages are sent a day now?

Re:K.I.S.S (2, Insightful)

Anonymous Coward | more than 10 years ago | (#8236714)

> Phones are tools. We don't "need" them to be fully featured akin a full OS.

That's as foolish as saying that PCs are just tools. They're for wordprocessing, administration and some games. That's how it was when I got my first PC. Why go connect with other computers, with all those evil hackers and expose your PC with your sensitive data? Why play and record music on your computer when you have specialized devices like CD-players and tape recorders? Because more features are better.

Within ten years, phones will become always-carry-with-you wearable mini-PCs. As long as you have your phone with you, you also carry a camera, music/movie player, voice recorder, calendar, notebook, game console, ebook reader, remote control, flashlight, and lots of other stuff. Sure, the interface could get a lot better, battery life still sucks now, etc. But we will get there eventually. Not too long ago, people thought 256-colors 320x200 was fantastic quality on a home computer.

There is no line to cross for a phone to have a "full OS". The OS in your phone today is already more complex than my early home computers.

Re:K.I.S.S (3, Interesting)

beeblebrox87 (234597) | more than 10 years ago | (#8236749)

Keep It Simple Stupid. Computers are tools. We don't "need" them to be fully featured with a full OS. Today we have network holes in a few applications. What's next tomorrow on MSFT Longhorn? Hackers turning in using your modem to call 0900 numbers? People hacking your e-wallet? When it comes to commodity devices we should make sure they do reliably and securely work. I don't expect anything less.
---
Damn luddites. Just because you would rather have a device that gives up freedom for security does not mean all of us do. There is a market for "KISS" phones, just as there is a market for locked-down xbox or "internet appliance" computers. Your post, however, implies that companies shouldn't produce more complicated phones. Personally, my phone's main source of usefulness is as a general-purpose, hackable device, and I don't expect anything less.

Adding security doesn't mean we have to remove features. Linux is a prime example of this. Substantially more secure than most alternatives, not because it removes features, but because people actually paid attention to security when they wrote it.

Re:K.I.S.S (1)

EvilNTUser (573674) | more than 10 years ago | (#8237193)

Isn't it odd how many of those luddite posts actually get modded up? This is slashdot - why are people trying to sound cool by saying they don't "need" something? I thought that kind of behavior was reserved for PHB's.

In other news, I don't need emacs, because the MS-DOS editor has all the features anyone should want from a word processor.

Re:K.I.S.S (1)

OlivierB (709839) | more than 10 years ago | (#8237309)

You have a valid point. However I am more and more "obliged" to buy phones with cameras, color screens etc simply because simpler ones are less and less available. I don't argue that some people need and actually want convergence, I'm just saying that those who do not want this still have to go with it (and pay the price, security wise, and money wise). My second complaint was about adding features not securely: Why not use linux or whatever else if you wish. But make sure it works! I don't want to end up running "Nokia update" every week as on my Windows box. More features, yes but not at the expense of security and reliability.

Re:K.I.S.S (1)

ahacop@wmuc.umd.edu (63340) | more than 10 years ago | (#8237511)

You would have a valid point if it were that hard to find a phone that doesn't have a camera. It's certainly getting harder but the vanilla phones are still easily available from any cell phone provider. Siemens and Nokia still make some nice ones. And you can always go the ebay route.

MOD PARENT DOWN (0)

Anonymous Coward | more than 10 years ago | (#8238229)

-1 Irritating Luddite. -1 Shut your stupid piehole. -1 Opinionated asshat. -1 Nobody cares what you think.

Is Bluetooth upgradeable? (2, Insightful)

Anonymous Coward | more than 10 years ago | (#8236189)

Is Bluetooth upgradeable and how?

Re:Is Bluetooth upgradeable? (4, Insightful)

DJPenguin (17736) | more than 10 years ago | (#8236223)

I had the firmware upgraded on my 6310i to resolve some bluetooth connection issues, and I imagine the whole stack is upgradeable in this manner.

I don't think the bluetooth protocol is broken - just the implementation.

Re:Is Bluetooth upgradeable? (1)

Linux Ate My Dog! (224079) | more than 10 years ago | (#8237414)

Firmware is indeed upgradeable on Nokia phones, but you need specialized hardware for it, and it wipes out your current settings, contacts, and calendar. Basically you get a pristine phone back, so it can be fairly traumatic.

Re:Is Bluetooth upgradeable? (2, Informative)

Organized Konfusion (700770) | more than 10 years ago | (#8238491)

No it doesn't wipe anything, even my call timers were still intact after upgrading the firmware.

Social science wonder? (5, Insightful)

orzetto (545509) | more than 10 years ago | (#8236220)

These days we have all possible material about encryption available publicly. We have RSA, we have digital signatures, we have freely available software which can create perfectly encrypted material which would give bad headaches to the NSA if they had to crack it, even I can encode anything with gpg.
Yet, a mobile-phone giant does this. Are they just plain stupid, or is this another example of the wonders of social science? I can't help thinking how intelligent an ant nest can be though ants singularly are so stupid, and how an organization with some of the brightest engineers on the planet can act so carelessly.

Re:Social science wonder? (2, Insightful)

Dogers (446369) | more than 10 years ago | (#8236289)

stupid, definitely stupid.. look at the NGage, 3200, 7200, 7600, 7700 - Nokia are losing their marbles rapidly!

They haven't even got a fully functional 3G phone yet..

It's that evil virus, what's it called again? Oh yeah, mismanagement.

Re:Social science wonder? (0)

Anonymous Coward | more than 10 years ago | (#8236390)

I wouldn't bet either way on what the NSA can or can't crack. They might be 100 years ahead of the academic community with crypto theory, on the other hand, they might be. There's just no telling.

Re:Social science wonder? (2, Insightful)

c13v3rm0nk3y (189767) | more than 10 years ago | (#8237684)

The problem with any encryption method is that it reduces (to some extent) convenience. Since convenience is the keyword mobile phone manufacturers depend on to sell their products, and any level of extra "complexity" is seen as a hindrance.

The mobile phone market is so tight that any possible hindrance (whether it is reasonable or not) is seen as a liability to sales.

Well, that and featching creeperism: Hey, we said we wanted Bluetooth phones. Nokia, et al, just gave them to us. We didn't say we wanted safe or well-designed Bluetooth phones, did we? Outside of a few troublemakers (like us), the market is perfectly happy with what it has been getting so far.

Security needs to be designed into products, and we are still getting prototypes out the door and tacking on security as the last consideration, or adding features w/o considering the security implications.

Ain't capitalism great?

hmm.. i wonder why????! (2, Funny)

freerecords (750663) | more than 10 years ago | (#8236226)

when things aren't built from the ground up with security in mind, there is likely to be some compromise for the sake of ease of use, when security issues come to mind. apart from the fact that any form of wireless communication is prone to be insecure! think about it.. ARGH THE GOVERNMENT IS LISTENING TO MY PHONE CALLS!!

Ignorance? (3, Informative)

juuri (7678) | more than 10 years ago | (#8236284)

Bluetooth was built from the ground up with security in mind, obviously Nokia totally boggled this.

Re:hmm.. i wonder why????! (0)

Anonymous Coward | more than 10 years ago | (#8236392)

Urrm, bluetooth was built from the ground up with security in mind. What has been mentioned in that article has nothing to do with flaws in Bluetooth security. In my opinion it's like grabbing an infra red remote control that works on all Sony TV's and running around saying WOW I just haxored your TV man... I can change the channel! The guy that wrote the article obviously knows nothing about how the pairing procedure works with bluetooth..... what a SAFER+ algorithm is... what frequency hopping is...... and what it means modes discover, discoverable and operation on are.... I think he needs to go to bluetooth.com read the f**ING spec and get some idea..... these are not flaws in bluetooth security... and in no way can be compared to the flaws in lame ass wifi 802.11b networks when they were released. :(

I wonder... (1)

supersam (466783) | more than 10 years ago | (#8236237)

... if these are the only Nokia models which are affected by this vulnerability.

What about other models that have Bluetooth? Are they safe from this security hole?

But can you (-1, Offtopic)

the real darkskye (723822) | more than 10 years ago | (#8236264)

use bluetooth exploits to make [theregister.co.uk] the [theregister.co.uk] battery zplode [theregister.co.uk] ?

Cruel and sadistic? No brother its just helping evolution along a bit ...

Turn it off! (2, Insightful)

SpinyManiac (542071) | more than 10 years ago | (#8236267)

If you turn Bluetooth off, you're invulnerable and your batteries will last longer.

Article text (0, Redundant)

Anonymous Coward | more than 10 years ago | (#8236288)

There's always someone who wants it. ;)

Bluetooth phones at risk from 'snarfing'

Munir Kotadia
ZDNet UK
February 09, 2004, 14:15 GMT

A serious Bluetooth security vulnerability allows mobile phone users' contact books to be stolen. You've heard of bluejacking - now meet 'bluesnarfing'

A security flaw has been discovered in Bluetooth that lets an attacker download all contact details along with other information from a vulnerable phone, while leaving no trace of the attack.

Unlike bluejacking, which is where users can send a message to Bluetooth phones without authorisation, this latest discovery for the wireless-data standard allows data, such as telephone numbers and diary entries, stored in a vulnerable device to be stolen by the attacker. The new exploit is called bluesnarfing.

Bluesnarfing is said to affect a number of Sony Ericsson, Ericsson and Nokia handsets, but some models are at greater risk because they invite attack even when in 'invisible mode' -- in which the handset is not supposed to broadcast its identity and should refuse connections from other Bluetooth devices.

Adam Laurie, chief security officer at UK networking and security firm AL Digital, told ZDNet UK that the Nokia 6310, 6310i, 8910 and 8910i models were at greatest risk. "On some models of phone, you are only vulnerable to attack if you are on visible mode; however, there are other models of phones where you are vulnerable even in non-visible mode," he said.

Laurie said he discovered the problem when he was asked to test how safe Bluetooth devices actually were. "Before we deploy any new technology for clients or our own staff, one of my duties is to investigate that technology and ensure it is secure. Actually rolling your sleeves up and looking at it, not just taking the manufacturers' claims at face value. When I did that, I found that it is not secure," he said.

According to Laurie, he can initiate a bluesnarfing attack from his laptop after making a modification to its Bluetooth settings: "It is a standard Bluetooth-enabled laptop and the only special bit is the software I am using in the Bluetooth stack. I have modified the Bluetooth stack and that enables me to perform this attack," he said.

Bluesnarfing has huge potential for abuse because it leaves no trace and victims will be unaware that their details have been stolen: "If your phone is in your pocket, you will be completely unaware," he said.

Laurie said he has had trouble getting the major handset manufacturers to admit the problem exists: "I have had experts telling me that it can't possibly exist because they have been trying to do this and failing."

Although the problem may affect other Bluetooth devices, such as laptops, Laurie said they are more difficult to target because the systems are more complex: "Mobiles are liable to be more vulnerable simply because the resources for menus and configuration are limited. Manufacturers try and make Bluetooth simple to use on phones, so you don't have much granularity in setting options. On a lot of phones, Bluetooth is either on or off," he said.

Laurie said that for now, there is no fix available. He said that the only way to be completely safe is to switch off the Bluetooth functionality.

AL Digital has developed several proof-of-concept utilities, but has not released them into the wild, said Laurie. They include: Bluestumbler, to monitor and log all visible Bluetooth devices (name, MAC address, signal strength, capabilities), and identify the manufacturer from MAC address lookup; and Bluesnarf, which can copy data from a target device.

According to the AL Digital's bluestumbler Web site, vulnerable phones include: Ericsson T68; Sony Ericsson R520m, T68i, T610 and Z1010; and Nokia 6310, 6310i, 7650, 8910 and 8910i.

Nokia and Sony Ericsson were not immediately available for comment.

The other article text (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#8236332)

Google cache:
http://216.239.59.104/search?sourceid=navclient-menuext&q=cache:http%3A//www.bluestumbler.org/

Summary

There are serious flaws in the authentication and/or data transfer mechanisms on some bluetooth enabled devices. Specifically, two vulnerabilities have been found:

Firstly, confidential data can be obtained, anonymously, and without the owner's knowledge or consent, from some bluetooth enabled mobile phones. This data includes, at least, the entire phonebook and calendar.

Secondly, it has been found that the complete memory contents of some mobile phones can be accessed by a previously trusted ("paired") device that has since been removed from the trusted list. This data includes not only the phonebook and calendar, but media files such as pictures and text messages. In essence, the entire device can be "backed up" to an attacker's own system.

Finally, the current trend for "Bluejacking" is promoting an environment which puts consumer devices at greater risk from the above attacks.

Vulnerabilities

The SNARF attack:

It is possible, on some makes of device, to connect to the device without alerting the owner of the target device of the request, and gain access to restricted portions of the stored data therein, including the entire phonebook (and any images or other data associated with the entries), calendar, realtime clock, business card, properties, change log etc. This is normally only possible if the device is in "discoverable" or "visible" mode, but there are tools available on the Internet that allow even this safety net to be bypassed[4]. Further details will not be released at this time (see below for more on this), but the attack can and will be demonstrated to manufacturers and press if required.

The BACKDOOR attack:

The backdoor attack involves establishing a trust relationship through the "pairing" mechanism, but ensuring that it no longer appears in the target's register of paired devices. In this way, unless the owner is actually observing their device at the precise moment a connection is established, they are unlikely to notice anything untoward, and the attacker may be free to continue to use any resource that a trusted relationship with that device grants access to (but note that so far we have only tested file transfers). This means that not only can data be retrieved from the phone, but other services, such as modems or Internet, WAP and GPRS gateways may be accessed without the owner's knowledge or consent. Indications are that once the backdoor is installed, the above SNARF attack will function on devices that previously denied access, and without the restrictions of a plain SNARF attack, so we strongly suspect that the other services will prove to be available also.

Bluejacking:

Although known to the technical community and early adopters for some time, the process now known as "Bluejacking"[1] has recently come to the fore in the consumer arena, and is becoming a popular mechanism for exchanging anonymous messages in public places. The technique involves abusing the bluetooth "pairing"[2] protocol, the system by which bluetooth devices authenticate each other, to pass a message during the initial "handshake" phase. This is possible because the "name" of the initiating bluetooth device is displayed on the target device as part of the handshake exchange, and, as the protocol allows a large user defined name field - up to 248 characters - the field itself can be used to pass the message. This is all well and good, and, on the face of it, fairly harmless, but, unfortunately, there is a down side. There is a potential security problem with this, and the more the practice grows and is accepted by the user community, and leveraged as a marketing tool by the vendors, the worse it will get. The problem lies in the fact that the protocol being abused is designed for information exchange. The ability to interface with other devices and exchange, update and synchronise data, is the raison d'etre of bluetooth. The bluejacking technique is using the first part of a process that allows that exchange to take place, and is therefore open to further abuse if the handshake completes and the "bluejacker" successfully pairs with the target device. If such an event occurs, then all data on the target device becomes available to the initiator, including such things as phone books, calendars, pictures and text messages. As the current wave of PDA and telephony integration progresses, the volume and quality of such data will increase with the devices' capabilities, leading to far more serious potential compromise.

Given the furore that erupted when a second-hand Blackberry PDA was sold without the previous owner's data having been wiped[3], it is alarming to think of the consequences of a single bluejacker gathering an entire corporate staff's contact details by simply attending a conference or camping outside their building or in their foyer with a bluetooth capable device and evil intent. Of course, corporates are not the only potential targets - a bluejacking expedition to, say, The House of Commons, or The US Senate, could provide some interesting, valuable and, who's to say, potentially damaging or compromising data.

The above may sound alarmist and far fetched, and the general reaction would probably be that most users would not be duped into allowing the connection to complete, so the risk is small. However, in today's society of instant messaging, the average consumer is under a constant barrage of unsolicited messages in one form or another, whether it be by SPAM email, or "You have won!" style SMS text messages, and do not tend to treat them with much suspicion (although they may well be sceptical about the veracity of the offers). Another message popping up on their 'phone saying something along the lines of "You have won 10,000 pounds! Enter this 4 digit PIN number and then dial 0900-SUCKER to collect your prize!" is unlikely to cause much alarm, and is more than likely to succeed in many cases.

Workarounds and fixes

We are not aware of any fixes for the SNARF attack at this time other than to switch off bluetooth.

To permanently remove a pairing, and protect against future BACKDOOR attacks, it seems you must perform a factory reset, but this will, of course, erase all your personal data.

To avoid Bluejacking, "just say no". :)

The above methods work to the best of our knowledge, but, as the devices affected are running closed-source proprietary software, it is not possible to verify that without the collaboration of the manufacturers. We therefore make no claims as to the level of protection they provide, and you must continue to use bluetooth at your own risk.

Who's Vulnerable

To date the quantity of devices tested is not great. However, due to the fact that they are amongst the most popular brands, we still consider the affected group to be large. It is also assumed that there are shared implementations of the bluetooth stack, so what affects one model is likely to affect others.

The devices known to be vulnerable at this time are:

Vulnerability Matrix
Make            Model    BACKDOOR    SNARF when Visible    SNARF when NOT Visible
Ericsson        T68      ?           Yes                   No
Sony Ericsson   R520m    ?           Yes                   No
Sony Ericsson   T68i     ?           Yes                   ?
Sony Ericsson   T610     ?           Yes                   No
Sony Ericsson   Z1010    ?           Yes                   ?
Nokia           6310     ?           Yes                   Yes
Nokia           6310i    Yes         Yes                   Yes
Nokia           7650     Yes         Yes                   ?
Nokia           8910     ?           Yes                   Yes
Nokia           8910i    ?           Yes                   Yes

Disclosure

What is the Philosophy of Full Disclosure, and why are we providing the tools and detailing the methods that allow this to be done? The reasoning is simple - by exposing the problem we are achieving two goals: firstly, to alert users that the dangers exist, in order that they can take their own precautions against compromise, and secondly, to put pressure on manufacturers to rectify the situation. Consumers have a right to expect that their confidential data is treated as such, and is not subject to simple compromise by poorly implemented protocols on consumer devices. Manufacturers have a duty of care to ensure that such protection is provided, but, in practice, commercial considerations will often take precedence, and, given the choice, they may choose to simply suppress or hide the problem, or, even worse, push for laws that prevent the discovery and/or disclosure of such flaws[5]. In our humble opinion, laws provide scant consumer protection against the lawless.

However, having said that, in this particular case, we do not feel it is appropriate to follow the normal procedure of liaising with manufacturers and giving them an opportunity to rectify the problem before disclosing to the general public (this is not to say we haven't contacted them - we have), as there are simply too many of them, and the problem is too widespread to realistically believe that they could either adhere to the strict levels of confidentiality required until the problem has been rectified, or that there is even the possibility that the problem can be rectified in a reasonable timescale. Also, the volume of data currently at risk is too great to allow the situation to continue unchecked.

Instead, we feel it is more important to achieve our primary goal, and alert the general public to the fact that the problem exists, and to give them the information required to adequately defend themselves. Fortunately, the defence is relatively simple, and is detailed above. To date we do not have a large selection of phones or other devices to test, so the advice is somewhat generic, but we will publish more detailed information as and when it becomes available.

Tools

Proof of concept utilities have been developed, but are not yet available in the wild. They are:

bluestumbler - Monitor and log all visible bluetooth devices (name, MAC, signal strength, capabilities), and identify manufacturer from MAC address lookup.
bluebrowse - Display available services on a selected device (FAX, Voice, OBEX etc).
bluejack - Send anonymous message to a target device (and optionally broadcast to all visible devices).
bluesnarf - Copy data from target device (everything if pairing succeeds, or a subset in other cases, including phonebook and calendar. In the latter case, user will not be alerted by any bluejack message).

Tools will not be released at this time, so please do not ask. However, if you are a bona-fide manufacturer of bluetooth devices that we have been otherwise unable to contact, please feel free to get in touch for more details on how you can identify your device status.

Credits

The above vulnerabilities were discovered by Adam Laurie, during the course of his work with A.L. Digital, in November 2003, and this announcement was prepared thereafter by Adam and Ben Laurie for immediate release.

Adam Laurie is Managing Director and Chief Security Officer of A.L. Digital Ltd.

Ben Laurie is Technical Director of A.L. Digital, and author of Apache-SSL and contributor to many other open source projects, too numerous to expand on here.

A.L. Digital Ltd. are the owner operators of The Bunker, the world's most secure data centre(s).

e: adam@algroup.co.uk w: http://www.aldigital.co.uk w: http://www.thebunker.net

e: ben@algroup.co.uk w: http://www.apache-ssl.org/ben.html

Further information relating to this disclosure will be updated at http://www.bluestumbler.org

References:

[1]

http://www.bluejackq.com/
http://www.theregister.co.uk/content/6/33781.html
http://news.bbc.co.uk/1/hi/technology/3237755.stm

[2]

http://www.palowireless.com/infotooth/tutorial/lmp.asp

[3]

http://www.out-law.com/php/page.php?page_id=blackberryforsale1061969777

[4]

bluesniff
btscanner
redfang

[5]

http://www.eff.org/

In the news

BBC News Technology Page
The Register

Other related links
The Bluetooth SIG: http://www.bluetooth.org/
Bruce Potter's Defcon-11 presentation: http://www.shmoo.com/~gdead/dc-11-brucepotter.ppt
@Stake's Bluetooth Discovery Paper: http://www.atstake.com/research/reports/acrobat/atstake_war_nibbling.pdf
Marcel Holtmann's German papers: http://www.holtmann.org/papers/bluetooth/
Bluetooth Device Security Database: http://www.betaversion.net/btdsd/

Copyright (c) 2003, Adam Laurie, Ben Laurie, A.L. Digital Ltd., all rights reserved.
Last updated 7th Jan, 2004
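
The vulnerability matrix and workarounds in the advisory above, applied to a handset inventory. This is an added example, not part of the original post and not one of A.L. Digital's tools; the matrix rows are copied from the advisory, while the inventory, the owner names and every function name are constructed for illustration.

```python
"""Triage a handset inventory against the bluestumbler vulnerability matrix."""
from dataclasses import dataclass
from typing import Optional

# Rows as printed in the advisory: make, model, BACKDOOR,
# SNARF when visible, SNARF when NOT visible. "?" means untested.
MATRIX_TEXT = """\
Ericsson T68 ? Yes No
Sony Ericsson R520m ? Yes No
Sony Ericsson T68i ? Yes ?
Sony Ericsson T610 ? Yes No
Sony Ericsson Z1010 ? Yes ?
Nokia 6310 ? Yes Yes
Nokia 6310i Yes Yes Yes
Nokia 7650 Yes Yes ?
Nokia 8910 ? Yes Yes
Nokia 8910i ? Yes Yes
"""

FLAGS = {"yes": True, "no": False, "?": None}  # None = not tested


@dataclass(frozen=True)
class Entry:
    make: str
    model: str
    backdoor: Optional[bool]
    snarf_visible: Optional[bool]
    snarf_hidden: Optional[bool]


def parse_matrix(text):
    """Parse the flattened rows. The make may contain spaces, so the model
    and the three flags are taken from the right-hand end of each row."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # blank or malformed row
        *make, model, bd, vis, hid = parts
        try:
            flags = [FLAGS[v.lower()] for v in (bd, vis, hid)]
        except KeyError:
            raise ValueError(f"unrecognised flag in row: {line!r}")
        key = (" ".join(make).lower(), model.lower())
        entries[key] = Entry(" ".join(make), model, *flags)
    return entries


def advise(entry, bluetooth_on, discoverable, paired_untrusted):
    """Map one handset's state to the workarounds the advisory lists.
    An untested ("?") cell is treated as exposed, not as safe."""
    if entry is None:
        return ["model not in matrix: untested"]
    actions = []
    if bluetooth_on:
        if entry.snarf_hidden is not False:
            # Hiding the phone does not help (or has not been shown to).
            why = "confirmed" if entry.snarf_hidden else "untested"
            actions.append(f"switch Bluetooth off (SNARF while hidden: {why})")
        elif entry.snarf_visible and discoverable:
            actions.append("leave discoverable mode or switch Bluetooth off")
    if paired_untrusted and entry.backdoor is not False:
        # A removed pairing may survive; the advisory's remedy is a reset.
        why = "confirmed" if entry.backdoor else "untested"
        actions.append(f"factory reset to purge pairings (BACKDOOR: {why})")
    return actions or ["no matrix-listed exposure in current state"]


def triage(inventory, matrix):
    """Return {owner: [actions]} for every handset in the inventory."""
    report = {}
    for owner, make, model, bt_on, disc, paired in inventory:
        entry = matrix.get((make.lower(), model.lower()))
        report[owner] = advise(entry, bt_on, disc, paired)
    return report


# Constructed inventory: owner, make, model, Bluetooth on, discoverable,
# ever paired with a device the owner does not control.
INVENTORY = [
    ("alice", "Nokia", "6310i", True, False, True),
    ("bob", "Sony Ericsson", "T610", True, True, False),
    ("carol", "Sony Ericsson", "T610", True, False, False),
    ("dave", "Nokia", "7650", False, False, True),
    ("erin", "ExampleCo", "X100", True, True, False),  # placeholder model
]

if __name__ == "__main__":
    for owner, actions in triage(INVENTORY, parse_matrix(MATRIX_TEXT)).items():
        print(f"{owner}: {'; '.join(actions)}")
```

A handset with Bluetooth switched off still gets the factory-reset advice when it has an untrusted pairing in its history, because the BACKDOOR pairing would become usable again as soon as Bluetooth is re-enabled.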

First article text (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#8236345)

I should have posted this first.

Nokia admits multiple Bluetooth security holes

Munir Kotadia
ZDNet UK
February 09, 2004, 17:50 GMT

Nokia has admitted that a number of its Bluetooth handsets are vulnerable to bluesnarfing - in which data can be stolen from a phone without the owner's knowledge

Nokia has admitted that some of its Bluetooth-enabled mobile phones are vulnerable to "bluesnarfing", which is where an attacker could read, modify and copy a phone's address book and calendar without leaving any trace of the intrusion.

Following networking and security firm AL Digital's revelation that at least ten handsets from Nokia, Sony Ericsson and Ericsson were vulnerable to a bluesnarfing attack, a Nokia spokesperson told ZDNet UK that the company is aware of "security issues" relating to Bluetooth devices that "makes it possible to download and modify phone book, calendar and other information on the phone without the owner's knowledge or consent, if Bluetooth is turned on."

However, the spokesperson said the attack was only possible if the phone was in 'visible mode' where it is set to actively search for other Bluetooth devices. The company admitted that a bluesnarf attack "may happen in public places, if a device is in the 'visible' mode, and the Bluetooth functionality is switched on. The phones vulnerable to 'snarf' attack include the Nokia 6310, 6310i, 8910 and 8910i phones as well as devices from another manufacturer."

According to Nokia, if an attacker had physical access to the 7650, the bluesnarf attack would not only be possible, but it would also allow the attacker's Bluetooth device to "read the data on the attacked device and also send SMS messages and browse the Web via it." The company said it had not been able to recreate this "backdoor" attack on the 6310, but would not confirm if the other models were vulnerable.

Nokia also admitted that its 6310i handset is vulnerable to a Denial of Service attack when it receives a "corrupted" Bluetooth message: "A DoS attack would happen if a malicious party sends a malformatted Bluetooth... message to re-boot a victim's Nokia 6310(i). We have repeated the attacks and found that there are some corrupted Bluetooth messages that could crash the Nokia 6310(i) phone," said the spokesperson, who sought to reassure customers by saying that following the crash, the phone will reset and function normally.

Nokia will not be releasing a fix for the devices in the near future because it said the attacks are limited to "only a few models" and it does not expect them to "happen at large".

The company advises customers in public places to set their phones to "invisible" or switch the Bluetooth functionality off: "In public places, where the above mentioned devices with Bluetooth technology might be targets of malicious attacks, at least in theory, the safest way to prevent hackers is to set the device in non-discoverable mode -- 'hidden' -- or switch off the Bluetooth functionality. This does not affect other functionalities of the phone," the spokesperson said.

A Sony Ericsson spokesperson told ZDNet UK the company is "looking into" the matter and expected to make a statement on Tuesday.

Big Woop. (1)

INSSOMNIAK (12036) | more than 10 years ago | (#8236313)

No one wanders about with their phone whilst it is discoverable anyway.

Looked more like an attempt to get advertising for their hosting company to me.

I was interested to see the Z1010 on the list when the commercial version isn't out yet.

Re:Big Woop. (2, Informative)

zerosignal (222614) | more than 10 years ago | (#8236494)

I have my phone (non-Nokia) on discoverable all the time for convenience. I run Mac OS X, and use the Address Book application to send SMS messages via the phone. I also have iSync configured to automatically sync my address book once a day when the phone is in the vicinity of the Mac. I don't notice a major drain on the battery with Bluetooth kept on. Having to disable it every time I went outside would be very annoying.

Re:Big Woop. (3, Informative)

INSSOMNIAK (12036) | more than 10 years ago | (#8236702)

You only need to be discoverable when you are pairing. After that you can keep bluetooth on and it is _supposed_ to only talk to those devices you know about.

Re:Big Woop. (0)

Anonymous Coward | more than 10 years ago | (#8236646)

From the article:
"Bluesnarfing is said to affect a number of Sony Ericsson, Ericsson and Nokia handsets, but some models are at greater risk because they invite attack even when in 'invisible mode' -- in which the handset is not supposed to broadcast its identity and should refuse connections from other Bluetooth devices."

Re:Big Woop. (1)

INSSOMNIAK (12036) | more than 10 years ago | (#8236746)

Which is a fault with Nokia and not with bluetooth.

If you were stupid enough to buy a Nokia phone, tough luck.

Unbelievable (2, Interesting)

sufehmi (134793) | more than 10 years ago | (#8236314)

I can't believe this, a company as big as Nokia making a mistake as stupid as this?

I thought most people would have learned something from the WiFi fiasco by now, especially Nokia (who also make security products such as firewalls, by the way).

Now let's see if they're dedicated enough to their customers to fix this problem quickly.
In the meantime, it's a good idea to keep this in the headlines of the media.

On another note, I'd be interested about other bluetooth-enabled devices - handsfree headset ? iPAQs? Palm? Sony Clies?

Re:Unbelievable (4, Insightful)

ebbe11 (121118) | more than 10 years ago | (#8236607)

I can't believe this, a company as big as Nokia making a mistake as stupid as this?

I can. The mobile phone manufacturers in general and Nokia in particular are very much focused on time-to-market. That means that their phones are not always finished when they hit the shelves. To be fair, neither was my Ericsson R520m phone when I first got it.

Re:Unbelievable (1)

Xoder (664531) | more than 10 years ago | (#8237832)

And your phone is vulnerable too [bluestumbler.org] . At least when it's discoverable.

Solution: Employ Hackers (2, Insightful)

Channard (693317) | more than 10 years ago | (#8236317)

Some companies already do, I'd imagine, but surely the solution would be to employ - and pay decently - people who've highlighted vulnerabilities in previous products/systems to go at phones/etc like the clappers, trying to find any vulnerabilities. Granted, few products are going to be 100% secure but surely it'd be better than holes like this cropping up.

Irony (2, Funny)

Dave9876 (591025) | more than 10 years ago | (#8236318)

The ad I got on the page with that article...

Advertising nokia as a business mobility solution. Want to keep your business contacts a secret?

It could be a lot worse... (2, Interesting)

heironymouscoward (683461) | more than 10 years ago | (#8236338)

Except that Nokia have built Bluetooth support only into a limited number of phones, mainly those aimed at the "business market". For instance, my 6800 has almost every conceivable option but no Bluetooth.

I can't guess their reasons for not including Bluetooth with all their more expensive models, since it can't cost more than one Euro or so, but at least it means that of all the phones out there, relatively few are exploitable.

Re:It could be a lot worse... (4, Interesting)

sokeeffe (210737) | more than 10 years ago | (#8236406)

This is exactly the reason why it's such a big issue.

As a consumer, if you have a bluetooth phone all you are likely to have is the phone numbers of your friends.

As a geek, you are more than likely to have a PDA for keeping anything more detailed/sensitive.

Business users, executives etc. are more likely to use the advanced functions of their phones and therefore it is they that are most at risk of losing sensitive data.

So, whilst most models don't have bluetooth, the ones that do are the ones that are likely to have the most valuable information.

Re:It could be a lot worse... (0)

Anonymous Coward | more than 10 years ago | (#8236558)

I disagree that personal phone numbers are worth less than business ones. In fact this is just a silly thing to say. Almost everyone's phone has a mix of personal and business data on it. And if everyone was exposed to this problem it would most definitely be worse than if only a minority of phones are vulnerable. Many 'geeks' have MMS phones which often don't have Bluetooth, falling into the 'consumer' market.

Re:It could be a lot worse... (1)

sokeeffe (210737) | more than 10 years ago | (#8238494)

I disagree that personal phone numbers are worth less than business ones. In fact this is just a silly thing to say.

What?!? If someone is trying to exploit this security hole do you really think they'd be bothered to get the phone number of your mate Billy? I think they'd be far more interested in getting the numbers from a corporate exec's phone or other information that isn't readily available.

Sure you could ring a company and ask to speak to a CEO but if you had his/her mobile number you could have a lot more fun.

Re:It could be a lot worse... (-1)

yatest5 (455123) | more than 10 years ago | (#8236448)

since it can't cost more than one Euro or so

Er, the Bluetooth chip alone costs 50 bucks.

Re:It could be a lot worse... (0)

Anonymous Coward | more than 10 years ago | (#8236496)

You are out by a factor of 10 [com.com] .

1 Euro may be optimistic, but 2 Euro seems accurate.

Like they say, - NEVER - TRUST - a - SWEDE (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8236367)

What he said

Hah, I'm Safe! (2, Funny)

GonzoDave (743486) | more than 10 years ago | (#8236425)

Who'd want to hack an N-Gage?

Both ZDNET and Nokia wrong (3, Informative)

linuxislandsucks (461335) | more than 10 years ago | (#8236461)

You have to turn off bluetooth functionality to be safe..

Nokia is vulnerable to both having the device detect on and off in the hacks..

according to the bluestumbler.org site..

nokia is not the only one (5, Interesting)

collin.m (207384) | more than 10 years ago | (#8236482)

Nokia is not the only phone maker with broken or stupid bluetooth implementations. Just look at the Siemens S55 which by default (when bluetooth is on) accepts any kind of files and saves them to your phone's inbox. Also it has several bugs, like the Nokia. I have set up a small website (http://www.betaversion.net/btdsd/) with a currently very small list of bluetooth capable phones with their security settings and bugs. I tell you bluetooth will be real fun in the future :-)

Re:nokia is not the only one (0)

Anonymous Coward | more than 10 years ago | (#8237695)

Just look at the Siemens S55 which by default (when bluetooth is on) accepts any kind of files and saves them to your phone's inbox.

And that is a problem? You can say the same for any mail server. I think it's rather convenient to be able to send people my personal details without too much of a hassle. And the inbox you talk about is a dedicated area for files received via bluetooth and irda. Really don't see the problem here.

Re:nokia is not the only one (1)

collin.m (207384) | more than 10 years ago | (#8238234)

You can activate authentication - when authentication is active you just get a popup and need to confirm the connection (yes|no). This doesn't make the communication more difficult it just makes it more secure.

What's the truth? (4, Interesting)

Tug3 (567419) | more than 10 years ago | (#8236516)

Interestingly from what I have read about the security vulnerabilities with the *five* models affected by this (Nokia 6310, 6310i, 8910, 8910i and 7650), Nokia has confirmed only that the 7650 has the problem. Also reported that some SonyEricsson phones would have similar vulnerabilities, but it was not stated which models. So, I take it that at least these five Nokia phones have the Bluetooth holes. But what is interesting is that different news-feeds report Nokia confirming/denying different models! What this really tells us that the writers of the news themselves are either: 1) Too lazy to look it up from Nokia itself. 2) Too naive to take some other newsfeeds info as a fact. 3) Too inexperienced to check the validity of the info. 4) Too ??? to ??? So, who made the mistake? ALL the "reporters" who did not check the validity of the news by themselves straight from the source.

Re:What's the truth? (1)

drinkypoo (153816) | more than 10 years ago | (#8238219)

So, who made the mistake? ALL the "reporters" who did not check the validity of the news by themselves straight from the source.

That's ok, there will always be a job for them here at slashdot.

Is Nokia the mobile Microsoft? (2, Funny)

nSignIfikaNt (732122) | more than 10 years ago | (#8236531)

From the article: Nokia will not be releasing a fix for the devices in the near future because it said the attacks are limited to "only a few models" and it does not expect them to "happen at large".

Doesn't seem smart to me. Admit there is a vulnerability then say you aren't going to fix it. I'm surprised they didn't say the "fix" would be released in the next versions of the affected phones and customers would need to upgrade following their easy and costly upgrade path.

Of course a bulk enterprise license would cover any future upgrades but you would still have to buy a license for each phone call you make with the new phone.

Wireless is inherently insecure (1, Insightful)

ajs318 (655362) | more than 10 years ago | (#8236542)

I'm glad I still have my old 3210. As long as it continues to make a noise when someone dials it and transmit my voice and their voice in mutually opposite directions when answered, then I have no reason to replace it.

When you're sending data over the air, then you have no way of knowing who is listening. That's why my home LAN is wired -- so I at least know if anyone is tapping me, then they must be on the inside. And I wouldn't trust the phone companies to build in any kind of security either; MI5 would never let them get away with it. You should assume any part of the network you can't see is tappable if not actually tapped. The best form of telephone security is to keep all messages short and hope they aren't listening when you're speaking.

Not true - wires leak like hell (4, Interesting)

CrystalFalcon (233559) | more than 10 years ago | (#8236818)

That's why my home LAN is wired -- so I at least know if anyone is tapping me, then they must be on the inside.

This isn't true -- you can pick up (copper) LAN signals from a reasonable distance, which is why the military always uses fiber outside of shielded environments. At least when sensitive data is expected to travel along the pipes.

The most obvious way to test this is to place an ordinary FM radio antenna along the network wire and see how much junk you are picking up; you can clearly hear the intensity of the network traffic.

I heard this traffic when sitting in my car in the company parking lot at one of my previous jobs and so knew when the builds were done.

Granted, the equipment is fairly expensive, but don't think for a second that you're safe because you're wired. Wires leak like hell.

Re:Not true - wires leak like hell (2, Interesting)

ajs318 (655362) | more than 10 years ago | (#8237155)

Um, you know, you could be right with that one, especially since I upgraded from thin co-ax to Cat5. Although I thought the twisted pairs had some sort of a shielding effect. And also, most of my kit seems to give off plenty of RF noise, so maybe that helps to mask it.

An ordinary radio set gives only a qualitative estimate. To recover the actual data, you'd need equipment costing more than any of my data is worth {but I wouldn't put it past the M.I.B. to sue me for wasting their time with junk data}. You'd also probably need to be inside my house {which is usually occupied, due to become occupied soon, or locked} and near the actual segment carrying the data; and, since the ADSL connection goes off into who knows where, that would probably be the easier target.

Also, the military deliberately go overboard on security in order to make people think things are less secure than they really are. Overkill is just part of the theatre: it makes the top brass feel important, and it cultivates insecurity among the lower ranks.

Re:Not true - wires leak like hell (1, Funny)

Anonymous Coward | more than 10 years ago | (#8238200)

> Although I thought the twisted pairs had some sort of a shielding effect.

Maybe a little, but what do you think the U in UTP stands for?

Protected 6310 (4, Funny)

Fizzl (209397) | more than 10 years ago | (#8236577)

I think I have a 6310 from the first batch. Never bothered to flash it because I rarely use it.

This one does not have the vulnerability. You see, if you switch bluetooth on, the whole phone crashes immediately.

But I only just got it! (2, Funny)

Joe Enduser (527199) | more than 10 years ago | (#8236590)

Great. Only Saturday I got my 7650 in a sale, and I bought it primarily for its bluetooth capabilities!

Well, I guess it was worth those 48 hours of carefree wireless toying...

Re:But I only just got it! (1)

collin.m (207384) | more than 10 years ago | (#8236861)

The Nokia 7650 is different and should be secure as long as nobody other than you has physical access to it.
All OBEX communications (the stuff that is buggy) need to be accepted by you and this is for the communication to start (not like other phones - do you want to save "exploit"? *BANG*)

wireless protocols? (0)

Anonymous Coward | more than 10 years ago | (#8236700)

Curious, why don't all wireless devices use something like SSH?

So does that make it ... (1)

Darken_Everseek (681296) | more than 10 years ago | (#8237219)

Warphoning? Grossly overused prefix, but I'm surprised no one else has mentioned it.

I wonder how long it takes before people using voice dial find themselves calling Elbonia..

It's bad implementation, not specification (3, Informative)

rassie (452841) | more than 10 years ago | (#8237269)

If nothing has changed since AL Digital released it on bugtraq, then the most serious issues only affect phones that have previously been paired with the attacking Bluetooth device.

This means that you have to have given the attacker access to privileged services at one point in time, and then deleted him.

If you had not deleted him, he would obviously still have access.

But it is the missing deletion that is the problem.

You should not pair your device with any devices except your own. Your PDA is required to be paired with your Phone, Laptop, and access point, so it can dial up, synch, and have LAN access etc. But you don't have to pair it to send your business card to somebody else. There is no reason to pair with Joe Hacker's device. So for most of the cases described by AL Digital it is just a bad implementation which does not affect the majority of users.

For the rest of the cases it is also a bad implementation by Nokia and "possibly other manufacturers", it is not a vulnerability in the protocol.

From the article... (2, Informative)

ErnstKompressor (193799) | more than 10 years ago | (#8238464)

According to the AL Digital's bluestumbler Web site, vulnerable phones include: Ericsson T68; Sony Ericsson R520m, T68i, T610 and Z1010; and Nokia 6310, 6310i, 7650, 8910 and 8910i.


Well that is just about all of the bluetooth phones out there then?
