AL Digital
http://www.aldigital.co.uk/
announced Nokia 6310, 8910 and 8910i mobiles were found to be at greatest
risk of having their data copied without the owner's consent with a crack
attack over Bluetooth.
The security papers (links, below) suggest keeping some other models of
Bluetooth-capable mobiles 'invisible' to other devices may prevent data
within the phone from being 'bluejacked' with a 'SNARF attack.' At worst,
only the data within the phone itself could be abducted, so if you don't
keep data in it, and instead keep data within a PDA or notebook, the risk
to you is low.
Yeah, welcome to the 21st century.
However, the authors apparently got the brush from Sony-Ericsson, Nokia and
the Bluetooth standards body when they raised the issue, so further
attention seems merited.
http://www.commsdesign.com/showArticle.jhtml?articleID=17601809
http://www.bluestumbler.org/
The latter URL has a number of references and leads to web pages for the
cracking software cited, and it looks like AL Digital may have done their
homework.
--
Nobody but a fool goes into a federal counterterrorism operation without duct tape - Richard Preston, THE COBRA EVENT.
Mauricio Freitas - 10 Feb 2004 02:28 GMT
> AL Digital
> http://www.aldigital.co.uk/
[quoted text clipped - 21 lines]
> cracking software cited, and it looks like AL Digital may have done their
> homework.
The Snarf attack was discussed October and November last year. Now ZDNET
found the site and makes this big thing out of it. Most of these claims were
since then negated by industry actions.

Signature
Mauricio Freitas
Bluetooth Guides: http://www.geekzone.co.nz/content.asp?contentid=449
Performance Center: http://www.geekzone.co.nz/content.asp?ContentId=2028
yeltrabnhoj@email.com - 10 Feb 2004 17:29 GMT
I wrote in message news:4027ef9a.15509562@news.individual.de...
>> AL Digital
>> http://www.aldigital.co.uk/
[quoted text clipped - 21 lines]
>> cracking software cited, and it looks like AL Digital may have done their
>> homework.
>The Snarf attack was discussed October and November last year. Now ZDNET
>found the site and makes this big thing out of it. Most of these claims were
>since then negated by industry actions.
I appreciate the thoroughness with which you have addressed the
Bluejacking issue at the first URL (op. cit.), but your website does not
address the SNARF attack. Would you be so kind, please, as to point folks
to the 'industry actions' which 'mostly' negate SNARF vulnerabilities,
especially for the Nokia models cited which are SNARF-vulnerable even if
'discoverable' mode is disabled?
Thank you kindly.
--
Nobody but a fool goes into a federal counterterrorism operation without duct tape - Richard Preston, THE COBRA EVENT.
William P.N. Smith - 10 Feb 2004 18:22 GMT
>I appreciate the thoroughness with which you have addressed the
>Bluejacking issue at the first URL (op. cit.), but your website does not
>address the SNARF attack. Would you be so kind, please, as to point folks
>to the 'industry actions' which 'mostly' negate SNARF vulnerabilities,
>especially for the Nokia models cited which are SNARF-vulnerable even if
>'discoverable' mode is disabled?
Actually, it looks like you can maybe only do "SNARF" attacks on some
models of BT phones with which you've previously had trusted pairing
and removed the pairing. This isn't much of a vulnerability...

Signature
William Smith
ComputerSmiths Consulting, Inc. www.compusmiths.com
John Doe - 10 Feb 2004 15:00 GMT
> The security papers (links, below) suggest keeping some other models of
> Bluetooth-capable mobiles 'invisible' to other devices may prevent data
> within the phone from being 'bluejacked' with a 'SNARF attack.' At
> worst, only the data within the phone itself could be abducted, so if you
> don't keep data in it, and instead keep data within a PDA or notebook,
> the risk to you is low.
"Bluejacking" is simply the act of sending a contact card/item to
available phones within range, and it is just used to startle people. This is
nothing to do with "Bluesnarfing" which is the hacking/changing data on
the phone itself.
Once again, the media grabs the wrong terms.