Information Security News mailing list archives

Pickpockets turn to technology


From: InfoSec News <isn () c4i org>
Date: Tue, 18 Nov 2003 06:10:16 -0600 (CST)

http://news.bbc.co.uk/2/hi/technology/3276315.stm

By Mark Ward 
BBC News Online technology correspondent 
17 November, 2003

A potential loophole in security for Bluetooth phones, which could see 
strangers hacking into your address books, has been uncovered. 

We all know that the type of mobile phone that you own says a lot 
about you. In some circles having anything but the latest gadget can 
send all the wrong signals to your peers. 

But if you are not careful your handset could be revealing much more 
about you than you would like, such as your entire address book. And 
you may know nothing about it. 

Security experts are warning that the Bluetooth short-range radio 
technology can leave people vulnerable to the hi-tech equivalent of 
pickpockets. 

In laboratory tests researchers have managed to steal information 
including address books and images from handsets by exploiting 
shortcomings in Bluetooth security. 

Radio risk 

The technology, named after a 10th Century king who united Denmark and 
Norway, is supposed to bring devices together and make it easy to swap 
data between gadgets, be they handsets, printers, PCs, headsets, MP3 
players or robot dogs. 

Now more than a million Bluetooth-equipped devices are being produced 
every week. 

Some people use Bluetooth to do away with the need for wires to 
connect their handset to a headset. Others are discovering the 
delights of "bluejacking" which involves sending an anonymous message 
to another Bluetooth-equipped phone. 

But Adam Laurie of security firm AL Digital is worried that 
vulnerabilities in Bluetooth might be put to more malicious ends. 

Mr Laurie got interested in Bluetooth when he bought a headset for his 
mobile phone. 

"I was concerned about the security of my data so I investigated and 
was not pleased at what I found," he said. 

Drawing on the work of other security researchers, he created programs 
that run on a laptop which scan for Bluetooth handsets and exploit two 
vulnerabilities to suck down data from phones. 

Ordinarily swapping anything more than minimal data between phones 
should be impossible unless the phones are "paired" and their 
respective owners have agreed a passcode. 

"What we found was that we can take it one step further and bypass the 
pairing requirement and go straight for some of the contacts on the 
telephone," he said. 

This vulnerability has been found on the SonyEricsson T68i and T610 
phones and the Nokia 6310 and 7650 handsets. 

Security lapse 

Mr Laurie has dubbed the practice of scanning for vulnerable phones 
"bluestumbling" after a popular program that many hackers have used to 
find wi-fi networks. 

On bluestumbling expeditions to London Mr Laurie said he had found 
lots of devices that were vulnerable to attack. 

He said he was now talking to manufacturers about fixing the 
vulnerabilities he has discovered. 

"At the moment there are no tools out there and no details as to how 
it is done," he said, "but it will happen, someone will work out how 
to do it in the coming weeks." 

Other security experts such as Ollie Whitehouse from @stake and Bruce 
Potter from Network Solutions have written about problems in 
Bluetooth, some of which have been fixed in new releases of the core 
software. 

Anders Edlund, spokesman for the Bluetooth organisation that oversees 
the technology, pointed out that the new vulnerabilities have yet to 
be publicly verified and saw no reason to worry. 

"I think the built-in security on Bluetooth is pretty good," he said. 
"It has been discussed in the security group and it does not seem like 
they are too worried about it." 

Nick Hunn, from Bluetooth chip maker TDK, said there were probably 
better ways of getting data from a phone. 

"If you wanted information from someone's handset you would probably 
try and nick it rather than do it electronically," he said. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

