
Cellular Phone Forum / General / Bluetooth / May 2004


bluetooth and security

Daniel Brose - 17 May 2004 17:04 GMT
Hi all!

Lately I've heard a lot about security leaks in bluetooth phones like
the SonyEricsson T610, for example. I've been told that without obvious pairing
people can use your phone for making calls or sending SMS or "download"
your addressbook. Of course I use "hidden mode" for BT, but that just
makes it more difficult yet not impossible.
What do you guys think about that? Do you switch off BT?

Thanks in advance
Daniel

Michael Schmidt - 18 May 2004 09:22 GMT
Hi Daniel,

Daniel Brose wrote:

> Hi all!
>
[quoted text clipped - 4 lines]
> makes it more difficult yet not impossible.
> What do you guys think about that? Do you switch off BT?

From my understanding, running your BT phone in "non-discoverable mode"
(this is probably what you call "hidden mode") is sufficient. Guessing
the BT address (with "Redfang" or something comparable) takes (based on my
tests) about 20 secs per probed address. However, there is an address
space of (at least) 256 ^ 3 addresses (given the manufacturer of your
phone is known to the attacker). So on average you need 256 ^ 3 * 20 secs
/ 2 = 5 years to find the address of a non-discoverable phone. This is
totally unrealistic.

I'm wondering whether anybody here has had other experiences with
"Redfang" that would make this tool appear more realistic.

Without knowing your device address an attacker is not able to attack
your non-discoverable BT phone.

Michael

Signature

Michael Schmidt
University of Siegen, Germany
http:   www.nue.et-inf.uni-siegen.de/~schmidt/
e-mail: schmidt _at_ nue.et-inf.uni-siegen.de

Collin R. Mulliner - 18 May 2004 14:28 GMT
Hello,

> From my understanding, running your BT phone in "non-discoverable mode"
> (this is probably what you call "hidden mode") is sufficient. Guessing

yes, "hidden mode" should be ok.

> I'm wondering whether anybody here has had other experiences with
> "Redfang" that would make this tool appear more realistic.

not really

> Without knowing your device address an attacker is not able to attack
> your non-discoverable BT phone.

exactly!

... Collin

Signature

Collin R. Mulliner <collin@betaversion.net>
bluetooth device security database - http://betaversion.net/btdsd/

Daniel Brose - 18 May 2004 15:09 GMT
Hi all,

Collin R. Mulliner wrote:
>>Without knowing your device address an attacker is not able to attack
>>your non-discoverable BT phone.
>
> exactly!

thanks a lot for your answers! I feel relieved now... :-)

Regards
Daniel

Nosve - 21 May 2004 09:43 GMT
There is a firmware version that corrects the T610 behaviour, since the
weakness is in the implementation and not intrinsic in the bluetooth
protocols.

In Italy the firmware update is free under warranty.
Regards.

> Hi all!
>
[quoted text clipped - 7 lines]
> Thanks in advance
> Daniel
 