From: blitz
Date: Thu Feb 12, 2004 2:52pm
Subject: Cracks appear in Bluetooth security
From ISN, today...
>http://www.computerworld.com/securitytopics/security/story/0,10801,90131,00.html
>
>By John Blau
>FEBRUARY 11, 2004
>
>Be careful the next time you turn on your Bluetooth-enabled phone:
>You could unknowingly be opening the door to a nasty intruder who
>could steal confidential information such as your address book or even
>use your phone to make expensive calls.
>
>Security experts in the U.K. have discovered serious flaws in some
>Bluetooth-enabled phones, prompting one supplier of the vulnerable
>phones, Nokia Corp., to recommend precautionary measures.
>
>"We have developed a tool that allows us to connect to a number of
>Bluetooth-enabled phones and download all sorts of confidential
>information, such as address books, calendars and other attachments
>without going through the normal pairing, or handshaking, process
>between devices," said Adam Laurie, technical director and co-founder
>of A.L. Digital Ltd. in London. "In fact, we have been able to obtain
>this confidential data without giving users any indication whatsoever
>that an intrusion is taking place."
>
>A.L. Digital has discovered security flaws in four Nokia phone models:
>6310, 6310(i), 8910 and 8910(i).
>
>Janne Ahlberg, manager of technology platforms at Nokia, confirmed on
>Wednesday that these models are susceptible to potential attacks.
>Users of these phones in public places should either switch their
>phone to the "nondiscoverable" or hidden mode, making them invisible
>to others, or turn off the Bluetooth functionality completely, he
>recommended. Users should also check that their Bluetooth "pairings,"
>or approved connections with trusted partners, are correct.
>
>The U.K. security company detected similar flaws in phones
>manufactured by Sony Ericsson Mobile Communications AB. The Sony
>Ericsson models include the R520, T68i, T610 and Z1010.
>
>Sony was unavailable for immediate comment.
>
>Bluetooth technology allows users to swap data between mobile phones,
>PDAs, notebook computers and a string of other devices within a few
>meters of each other. It's becoming a standard feature of many
>high-end devices.
>
>Until now, the only known Bluetooth security shortcoming has been
>"bluejacking," an increasingly popular means of exchanging short
>three- or four-word messages in the display area designated for the
>name of the initiating device, according to Laurie. The process,
>essentially, allows communication to take place without pairing, which
>requires partners to exchange a personal identification number (PIN)
>to establish a connection.
>
>But Laurie said he and his colleagues at A.L. Digital have uncovered
>not one but two new security flaws. He referred to the one as
>"bluesnarf" and the other as a backdoor attack.
>
>"Bluesnarf is a tool I've written that allows you to bypass the
>pairing process to connect to a Bluetooth-enabled phone and,
>essentially, break into the device to steal or manipulate data," he
>said.
>
>The backdoor attack, according to Laurie, involves establishing a
>trust relationship through the pairing mechanism but later making the
>pairing information invisible on the target's register of paired
>devices to enable an anonymous connection. The process requires
>participating users to first create a PIN and then enter this number
>in each device in order to initiate a connection, he said.
>
>The problem arises, Laurie said, when one of the "trusted" persons
>decides to use the backdoor hacking method to hide the identification
>data and gain unauthorized access to that person's device. "Unless you
>happen to be staring at your phone and see a little icon appear
>indicating a connection, you won't know that anyone has gained access
>to your phone," he said.
>
>Nokia said it isn't aware of any attacks against Bluetooth-enabled
>phones and believes it's "highly unlikely" that these phones will
>become broadly exposed to security attacks.
>
>"From a security viewpoint, Bluetooth is actually very strong,"
>Ahlberg said. "There were just some implementation flaws that made
>these security flaws possible in a couple of models."
>
>Additional information about the security flaws detected by A.L.
>Digital is available online [1].
>
>[1] http://www.bluestumbler.org/
>
>
>
Date: Thu Feb 12, 2004 2:52pm
Subject: Cracks appear in Bluetooth security
From ISN, today...
>http://www.computerworld.com/securitytopics/security/story/0,10801,90131,00.html
>
>By John Blau
>FEBRUARY 11, 2004
>
>Be careful the next time you turn on your Bluetooth-enabled phone:
>You could unknowingly be opening the door to a nasty intruder who
>could steal confidential information such as your address book or even
>use your phone to make expensive calls.
>
>Security experts in the U.K. have discovered serious flaws in some
>Bluetooth-enabled phones, prompting one supplier of the vulnerable
>phones, Nokia Corp., to recommend precautionary measures.
>
>"We have developed a tool that allows us to connect to a number of
>Bluetooth-enabled phones and download all sorts of confidential
>information, such as address books, calendars and other attachments
>without going through the normal pairing, or handshaking, process
>between devices," said Adam Laurie, technical director and co-founder
>of A.L. Digital Ltd. in London. "In fact, we have been able to obtain
>this confidential data without giving users any indication whatsoever
>that an intrusion is taking place."
>
>A.L. Digital has discovered security flaws in four Nokia phone models:
>6310, 6310(i), 8910 and 8910(i).
>
>Janne Ahlberg, manager of technology platforms at Nokia, confirmed on
>Wednesday that these models are susceptible to potential attacks.
>Users of these phones in public places should either switch their
>phone to the "nondiscoverable" or hidden mode, making them invisible
>to others, or turn off the Bluetooth functionality completely, he
>recommended. Users should also check that their Bluetooth "pairings,"
>or approved connections with trusted partners, are correct.
>
>The U.K. security company detected similar flaws in phones
>manufactured by Sony Ericsson Mobile Communications AB. The Sony
>Ericsson models include the R520, T68i, T610 and Z1010.
>
>Sony was unavailable for immediate comment.
>
>Bluetooth technology allows users to swap data between mobile phones,
>PDAs, notebook computers and a string of other devices within a few
>meters of each other. It's becoming a standard feature of many
>high-end devices.
>
>Until now, the only known Bluetooth security shortcoming has been
>"bluejacking," an increasingly popular means of exchanging short
>three- or four-word messages in the display area designated for the
>name of the initiating device, according to Laurie. The process,
>essentially, allows communication to take place without pairing, which
>requires partners to exchange a personal identification number (PIN)
>to establish a connection.
>
>But Laurie said he and his colleagues at A.L. Digital have uncovered
>not one but two new security flaws. He referred to the one as
>"bluesnarf" and the other as a backdoor attack.
>
>"Bluesnarf is a tool I've written that allows you to bypass the
>pairing process to connect to a Bluetooth-enabled phone and,
>essentially, break into the device to steal or manipulate data," he
>said.
>
>The backdoor attack, according to Laurie, involves establishing a
>trust relationship through the pairing mechanism but later making the
>pairing information invisible on the target's register of paired
>devices to enable an anonymous connection. The process requires
>participating users to first create a PIN and then enter this number
>in each device in order to initiate a connection, he said.
>
>The problem arises, Laurie said, when one of the "trusted" persons
>decides to use the backdoor hacking method to hide the identification
>data and gain unauthorized access to that person's device. "Unless you
>happen to be staring at your phone and see a little icon appear
>indicating a connection, you won't know that anyone has gained access
>to your phone," he said.
>
>Nokia said it isn't aware of any attacks against Bluetooth-enabled
>phones and believes it's "highly unlikely" that these phones will
>become broadly exposed to security attacks.
>
>"From a security viewpoint, Bluetooth is actually very strong,"
>Ahlberg said. "There were just some implementation flaws that made
>these security flaws possible in a couple of models."
>
>Additional information about the security flaws detected by A.L.
>Digital is available online [1].
>
>[1] http://www.bluestumbler.org/
>
>
>
<< Home