Flaws discovered in Bluetooth phones

Security experts in the UK have discovered serious flaws in some Bluetooth-enabled phones, prompting Nokia to recommend...

UK security experts have discovered serious flaws in some Bluetooth-enabled phones, prompting Nokia to recommend precautionary measures. 

"We have developed a tool that allows us to connect to a number of Bluetooth-enabled phones and download all sorts of confidential information, such as address books, calendars and other attachments," said Adam Laurie, technical director and co-founder of AL Digital.

"We have been able to obtain this confidential data without giving users any indication whatsoever that an intrusion is taking place."

AL Digital has discovered security flaws in four Nokia phone models: 6310, 6310(i), 8910 and 8910(i).

Janne Ahlberg, manager of technology platforms at Nokia, confirmed that these models are susceptible to potential attacks.

Users of these phones in public places should either switch their phone to the "non-discoverable" or hidden mode, making them invisible to others, or turn off the Bluetooth functionality completely, he said.

Users should also check that their Bluetooth "pairings", or approved connections with trusted partners, are correct. 

AL Digital company detected similar flaws in phones manufactured by Sony Ericsson. These models include the R520, T68i, T610 and Z1010.

Bluetooth technology allows users to swap data between mobile phones, PDAs and notebook computers within a few metres of each other. It is becoming a standard feature of many high-end devices.

Until now, the only known Bluetooth security shortcoming has been "bluejacking",  an increasingly popular means of exchanging short three- or four-word messages in the display area designated for the name of the initiating device.

The process allows communication to take place without pairing, which requires partners to exchange a Pin to establish a connection.

AL Digital has also uncovered two other security flaws, referred to as, "bluesnarf" and "backdoor" attack.
Bluesnarf allows a user to bypass the pairing process to connect to a Bluetooth-enabled phone and break into the device to steal or manipulate data, he said.

The backdoor attack involves establishing a trust relationship through the pairing mechanism but later making the pairing information invisible on the target's register of paired devices to enable an anonymous connection. 

The process requires participating users to first create a Pin and then enter this number in each device to initiate a connection. 

The problem arises when a "trusted" person decides to use the backdoor hacking method to hide the identification data and gain unauthorised access to another device. 

Nokia said that it is unaware of any attacks against Bluetooth-enabled phones and believed it is "highly unlikely" that these phones will become broadly exposed to security attacks.

"From a security viewpoint, Bluetooth is actually very strong," Ahlberg said. "There were just some implementation flaws that made these security flaws possible in a couple of models."

Additional information about the security flaws detected by AL Digital is available at: www.bluestumbler.org.

John Blau writes for IDG News Service

Read more on IT risk management