The BBC News posted an article about a potential loophole in security for Bluetooth phones. The security risk can allow unwanted capture of ones address book.
Security experts are warning that the Bluetooth short-range radio technology can leave people vulnerable to the hi-tech equivalent of pickpockets.
In laboratory tests researchers have managed to steal information including address books and images from handsets by exploiting shortcomings in Bluetooth security.
Because Bluetooth technology uses radio signals to transmit data from object to object, the radio signals are there for anyone to intercept. To understand the code within the signal there usually has to be some type of permitted connection between the devices. The security hole allows for the data to be read without that permitted connection.
Ordinarily swapping anything more than minimal data between phones should be impossible unless the phones are “paired” and their respective owners have agreed a passcode.“What we found was that we can take it one step further and bypass the pairing requirement and go straight for some of the contacts on the telephone,” he said.
This vulnerability has been found on the SonyEricsson T68i and T610 phones and the Nokia 6310 and 7650 handsets.
This hole was found through the technique called “bluestumbling”, which is a popular program used by hackers to find wi-fi networks. Details for using the technique to gain access to Bluetooth phones has not been figured out in the hacking arena. Experts believe that in the up coming weeks the secret will be out.
“At the moment there are no tools out there and no details as to how it is done,” he said, “but it will happen, someone will work out how to do it in the coming weeks.”
Other security experts such as Ollie Whitehouse from @stake and Bruce Potter from Network Solutions have written about problems in Bluetooth, some of which have been fixed in new releases of the core software.
Anders Edlund, spokesman for the Bluetooth organisation that oversees the technology, pointed out that the new vulnerabilities have yet to be publicly verified and saw no reason to worry.
“I think the built-in security on Bluetooth is pretty good,” he said. “It has been discussed in the security group and it does not seem like they are too worried about it.”
Nick Hunn, from Bluetooth chip maker TDK, said there were probably better ways of getting data from a phone.
If you wanted information from someone’s handset you would probably try and nick it rather than do it electronically,” he said.
Related Articles
No user responded in this post
Leave A Reply