TELECOMS & MOBILE
Expert plays down 'bluesnarfing' threat
10-02-2004
by
Nokia has apparently admitted that certain Bluetooth-enabled devices are susceptible to 'bluesnarfing' attacks, but not everyone is convinced the threat is severe.
A report from CNet News claims that Nokia has admitted that some of its Bluetooth-enabled mobile phones are vulnerable to "bluesnarfing," a Bluetooth-based attack that could allow an attacker to steal calendar information, contact details and other data from unsuspecting victims. The notion of bluesnarfing dates back several months, when Adam Laurie, managing director and chief security officer of British software company AL Digital, said he had uncovered a weakness in Bluetooth, a short-range data protocol on mobiles, PDAs, laptops and accessories.
In the months since, others have tried to recreate the attack method developed by Laurie, mostly with little success. Even Nokia, which this week admitted to CNet that it was aware of Bluetooth-related "security issues," said that it had been unable to recreate a bluesnarf attack on a Nokia 6310i model, although the firm would not comment on experiments with other models.
"Nothing is impossible," said Nick Hunn, a long time proponent and expert on Bluetooth, as well as the managing director with TDK Systems Europe. Hunn has been an outspoken doubter of the Bluesnarfing claims since they first came to light in November 2003.
Speaking with ElectricNews.Net, he said that Nokia's apparent admission, in conjunction with AL Digital's earlier claims, still don't necessarily add up to a gaping hole in Bluetooth through which anyone could steal data off an owner's phone. "As far as we can see, the Bluetooth spec should not allow this to happen," Hunn said. "But perhaps, in some way, on some of these particular handsets... there is probably an error check somewhere on the line" that is causing the problem, he added.
Hunn also said that it was unclear if the problem, if it exists, occurs in every 'off-the-shelf' Bluetooth phone, or just in certain models, or even certain versions of certain models. But one sure-fire way to protect a phone from bluesnarfing is to not put the device in 'visible' mode -- a setting that allows anyone with another Bluetooth device to "see" the phone and certain details about it.
"If you set your phone to 'hidden,' you won't have a problem," said Hunn. Claims over bluesnarfing "are like saying 'this is insecure, so long as you turn all of the security off,'" he added. "I would say that it is still a lot easier to nick a phone rather than try to hack into it."
It's worth noting, however, that Laurie's last update on the Bluestumbler Web Page, where many of his claims are detailed, alleges that some phones are apparently susceptible even while hidden. According to the page, the Ericsson T68, Sony Ericsson R520m, T68i, T610 and Z1010 are all susceptible to bluesnarfing and certain other Bluetooth-related attacks, as are the Nokia 6310, 6310i, 7650, 8910 and 8910i.
Using the subject line to get noticed: Denise Cox argues that to get results you have to make every word work in a subject line.
