Pickpockets turn to technology

Posted by: paradox

Pickpockets turn to technology - 11/17/03 12:28 PM

A potential loophole in security for Bluetooth phones, which could see strangers hacking into your address books, has been uncovered.

We all know that the type of mobile phone that you own says a lot about you. In some circles having anything but the latest gadget can send all the wrong signals to your peers.

But if you are not careful your handset could be revealing much more about you than you would like, such as your entire address book. And you may know nothing about it.

Security experts are warning that the Bluetooth short-range radio technology can leave people vulnerable to the hi-tech equivalent of pickpockets.

In laboratory tests researchers have managed to steal information including address books and images from handsets by exploiting shortcomings in Bluetooth security.

Radio risk

The technology, named after 10th Century king who united Denmark and Norway, is supposed to bring devices together and make it easy to swap data between gadgets, be they handsets, printers, PCs, headsets, MP3 players or robot dogs.

Now more than a million Bluetooth equipped devices are being produced every week.

Some people use Bluetooth to do away with the need for wires to connect their handset to a headset. Others are discovering the delights of "bluejacking" which involves sending an anonymous message to another Bluetooth-equipped phone.

But Adam Laurie of security firm AL Digital is worried that vulnerabilities in Bluetooth might be put to more malicious ends.

Mr Laurie got interested in Bluetooth when he bought a headset for his mobile phone.

"I was concerned about the security of my data so I investigated and was not pleased at what I found," he said.

Drawing on the work of other security researchers, he created programs that run on a laptop which scan for Bluetooth handsets and exploit two vulnerabilities to suck down data from phones.

Ordinarily swapping anything more than minimal data between phones should be impossible unless the phones are "paired" and their respective owners have agreed a passcode.

"What we found was that we can take it one step further and bypass the pairing requirement and go straight for some of the contacts on the telephone," he said.

This vulnerability has been found on the SonyEricsson T68i and T610 phones and the Nokia 6310 and 7650 handsets.

Security lapse

Mr Laurie has dubbed the practice of scanning for vulnerable phones "bluestumbling" after a popular program that many hackers have used to find wi-fi networks.

On bluestumbling expeditions to London Mr Laurie said he had found lots of devices that were vulnerable to attack.

He said he was now talking to manufacturers about fixing the vulnerabilities he has discovered.

"At the moment there are no tools out there and no details as to how it is done," he said, "but it will happen, someone will work out how to do it in the coming weeks."

Other security experts such as Ollie Whitehouse from @stake and Bruce Potter from Network Solutions have written about problems in Bluetooth, some of which have been fixed in new releases of the core software.

Anders Edlund, spokesman for the Bluetooth organisation that oversees the technology, pointed out that the new vulnerabilities have yet to be publicly verified and saw no reason to worry.

"I think the built-in security on Bluetooth is pretty good," he said. "It has been discussed in the security group and it does not seem like they are too worried about it."

Nick Hunn, from Bluetooth chip maker TDK, said there were probably better ways of getting data from a phone.

If you wanted information from someone's handset you would probably try and nick it rather than do it electronically," he said.

source: BBC