Welcome to Esato.com




bluejacking and now bluesnarfing






Posted by chungagoring
http://news.zdnet.co.uk/communications/wireless/0,39020348,39145881,00.htm

and for wappers. it looks like a new way of bluejacking with ftp bluetooth profile enabled phones lets you browse the inner folder/file structure of any bluetooth device, and this way you can actually "steal" ringtones, images... and contacts.

"
A serious Bluetooth security vulnerability allows mobile phone users' contact books to be stolen. You've heard of bluejacking - now meet 'bluesnarfing'

A security flaw has been discovered in Bluetooth that lets an attacker download all contact details along with other information from a vulnerable phone, while leaving no trace of the attack.

Unlike bluejacking, which is where users can send a message to Bluetooth phones without authorisation, this latest discovery for the wireless-data standard allows data, such as telephone numbers and diary entries, stored in a vulnerable device to be stolen by the attacker. The new exploit is called bluesnarfing.

Bluesnarfing is said to affect a number of Sony Ericsson, Ericsson and Nokia handsets, but some models are at greater risk because they invite attack even when in 'invisible mode' -- in which the handset is not supposed to broadcast its identity and should refuse connections from other Bluetooth devices.

(...)
"

_________________
luiscamino.com
luis gonzalez-camino calleja a.k.a. luiscamino in other forums
clubsonyericsson.com

[ This Message was edited by: chungagoring on 2004-02-09 21:01 ]


Posted by vanquish
stupid bloody name

how about stealing people phone books

bluesnarfing pah!

piece of shit

_________________


Home sweet home

[ This Message was edited by: daredeviluk on 2004-02-09 21:04 ]

Posted by kev.morris
i just read this 10 mins ago and thought it was a silly name. which se phones are affected? and how do you do it???

Posted by MikLSP
Hardly time to run for the hills.
People are quite welcome to my ringtones etc. As for contacts, what they gonna do, ring them to death?! So what.

I also doubt any phones are discoverable when BT is turned off. It's hard enough findin a device when it's on!

Oh and, Yeah it is a silly name


Posted by gelfen
*and some more info*

from ZDNet Australia

Nokia: Bluetooth flaw gnaws at phone security

By Munir Kotadia, ZDNet UK
10 February 2004

Nokia has confirmed that some of its Bluetooth-enabled mobile phones are vulnerable to "bluesnarfing," in which an attacker exploits a flaw to read, modify and copy a phone's address book and calendar without leaving any trace of the intrusion.

Networking and security company AL Digital said on Monday that it had discovered a security flaw in Bluetooth, a wireless data standard, that could allow such an attack. The flaw affects a number of Sony Ericsson, Ericsson and Nokia handsets, but some models--including a handful of Nokia phones--are at greater risk because they invite attack even when in "invisible mode," according to AL Digital.

A Nokia representative told ZDNet UK that the Finnish device maker is aware of "security issues" relating to devices with Bluetooth that "(make) it possible to download and modify phone book, calendar and other information on the phone without the owner's knowledge or consent, if Bluetooth is turned on."

However, the representative said the attack was possible only if the phone was in "visible" mode, or when it is set to actively search for other Bluetooth devices. Nokia said that a bluesnarf attack "may happen in public places, if a device is in the visible mode and the Bluetooth functionality is switched on. The phones vulnerable to 'snarf' attack include the Nokia 6310, 6310i, 8910 and 8910i phones as well as devices from another manufacturer."

According to Nokia, if an attacker had physical access to a 7650 model, a bluesnarf attack would not only be possible, but it would also allow the attacker's Bluetooth device to "read the data on the attacked device and also send SMS messages and browse the Web via it."

The company said it had not been able to recreate this backdoor attack on the 6310 handset, and would not confirm if other models were vulnerable to it.

Nokia also said that its 6310i handset is vulnerable to a denial-of-service attack when it receives a "corrupted" Bluetooth message: "A DoS attack would happen if a malicious party sends a malformatted Bluetooth...message to reboot a victim's Nokia 6310i. We have repeated the attacks and found that there are some corrupted Bluetooth messages that could crash the Nokia 6310i phone," said the representative, who sought to reassure customers by saying that following the crash, the phone will reset and function normally.

A Sony Ericsson representative told ZDNet UK the company is "looking into" the matter and expected to make a statement on Tuesday.

Handsets at risk
England-based AL Digital said that the risk of a bluesnarf attack was highest for the four phone models listed by Nokia. Some models were described as more vulnerable than others in invisible mode, in which the handset is not supposed to broadcast its identity and should refuse connections from other Bluetooth devices.

"On some models of phone, you are only vulnerable to attack if you are on visible mode; however, there are other models of phones where you are vulnerable even in nonvisible mode," said Adam Laurie, chief security officer at AL Digital.

AL Digital has developed several proof-of-concept utilities, but has not released them, Laurie said. The utilities include Bluestumbler, designed to monitor and log all visible Bluetooth devices (name, MAC address, signal strength, capabilities), and identify the manufacturer from MAC address lookup; and Bluesnarf, which can copy data from a target device.

According to AL Digital's Bluestumbler Web site, vulnerable phones include: Ericsson T68; Sony Ericsson R520m, T68i, T610 and Z1010; and Nokia 6310, 6310i, 7650, 8910 and 8910i.

Laurie said he discovered the problem when he was asked to test how safe Bluetooth devices actually were. "Before we deploy any new technology for clients or our own staff, one of my duties is to investigate that technology and ensure it is secure--actually rolling your sleeves up and looking at it, not just taking the manufacturers' claims at face value. When I did that, I found that it is not secure," he said.

According to Laurie, he can initiate a bluesnarfing attack from his laptop after making a modification to its Bluetooth settings. "It is a standard Bluetooth-enabled laptop, and the only special bit is the software I am using in the Bluetooth stack. I have modified the Bluetooth stack, and that enables me to perform this attack," he said.

Bluesnarfing has huge potential for abuse because it leaves no trace and victims will be unaware that their details have been stolen, Laurie said. "If your phone is in your pocket, you will be completely unaware."

Although the problem may affect other Bluetooth devices, such as laptops, Laurie said they are more difficult to target because the systems are more complex. "(Mobile phones) are liable to be more vulnerable simply because the resources for menus and configuration are limited. Manufacturers try and make Bluetooth simple to use on phones, so you don't have much granularity in setting options. On a lot of phones, Bluetooth is either on or off," he said.

Laurie said that for now, there is no fix available. He said that the only way to be completely safe is to switch off the Bluetooth functionality.

Nokia will not be releasing a fix for its devices in the near future because the attacks are limited to "only a few models" and it does not expect them to "happen at large," the Nokia representative said. The company is advising customers in public places to set their phones to invisible or switch the Bluetooth functionality off.

"In public places, where the above-mentioned devices with Bluetooth technology might be targets of malicious attacks--at least in theory--the safest way to prevent hackers is to set the device in nondiscoverable mode--'hidden'--or switch off the Bluetooth functionality. This does not affect other functionalities of the phone," the Nokia representative said.

_________________
Gee, does that beat me? I only got two pair - two aces, and another two.

[ This Message was edited by: gelfen on 2004-02-10 01:59 ]

Posted by QooQooJiao
i think T610 is the easiest to bluejack. Not so with Nokia fones. always OBEX errors.

Posted by rdnymllnsktr
Dude, are you dumb? Nokia's are the EASIEST TO BLUEJACK!!! Nokia's don't have an option to keep the bluetooth on, but not visible. Nokia's can be bluejacked the easiest!

Posted by energetic
This is not good at all. I wouldn't want someone to mess with my phone contents. I mean what is next now? Bluevirus? Things will not be the same from now on. What if someone removes important/vital files of your mobile and then it stops working?

This is very bad!

Posted by shithappens
Quote:

On 2004-02-09 23:30:00, MikLSP wrote:
Hardly time to run for the hills.
People are quite welcome to my ringtones etc. As for contacts, what they gonna do, ring them to death?! So what.

Oh and, Yeah it is a silly name







Posted by gelfen
Quote:

On 2004-02-10 08:17:15, energetic wrote:
This is not good at all. I wouldn't want someone to mess with my phone contents. I mean what is next now? Bluevirus? Things will not be the same from now on. What if someone removes important/vital files of your mobile and then it stops working?



likelihood is the security holes will be fixed in future firmware and phones. interesting that t6x0 series is listed as potentially vulnerable, but that z600 isn't. possibly slight differences in the pairing implementation, or just an oversight of the article?

still, you can't be snarffed if you don't have it on.

Posted by Vlammetje
interesting how the t610 is 'vulnerable' but not the Z600 but then the Z1010 is??

nonsense..... as for bluevirus.... not too worried myself.

I dun have too many 'classified' info on my phone anyway... what are they gonna do?

Posted by energetic
Well I use the bluetooth only when I am in my car with my headset. Any other time I turn it off. That reduces a bit the risk.

That is what I want to believe anyway.

Posted by shithappens
sweet dreams to you then

Posted by energetic
@shithappens





Posted by Vlammetje
Well I have my on 24/7 and am always discoverable...... so what?

Posted by energetic
For the moment no problem but later... who knows!





Posted by jazzmeister
man! talk about perpetual paranoia...

Posted by Vlammetje
Well.... just can't be bothered to switch it on and off all the time.....

and would it really be worth developing a 'virus' that works on only 'certain phones os'?

it's not like a windows computer you know?

Posted by energetic
@Vlammetje

This is what we were thinking before in the past regarding computer virus and now am feeling the history is repeated but am not concerned about that. Am concerned about the possibility someone accessing our mobile roms and removing files from there which are vital for our mobile phones. Many people are just having fun bluejacking us already. What about if the same people extend this to another level!

I believe all mobile manufacturers should take some measurements and protect our phones.

Posted by mixin
rule number no1: dont trust people who have bluetooth laptops in public.

Posted by Carlsb3rg
The question is not if your phone is vulnerable, the question is HOW to do it? I understand that this can be done only with a computer?

Posted by rdnymllnsktr
But how do you tell if a laptop has built-in bluetooth?

Posted by mixin
Carlsb3rg > just modify the bluetooth stack on a bluetooth enabled laptop. I highly doubt it would be possible on a normal mobile

rdnymllnsktr > If the user has a devious look on his face, he's probably up to no good...

Posted by MikLSP
Quote:

On 2004-02-10 10:40:18, energetic wrote:

Am concerned about the possibility someone accessing our mobile roms and removing files from there which are vital for our mobile phones.




You can't even modify the ROMs using the phone itself so I doubt anyone can do it externally through a vague BT connection, which are unstable enough at the best of times. (always failed sending, not finding devices etc.)
Also who said this, isn't the issue with contacts, calendar & other user info?
I'm leavin my BT on, I've yet to be Bluejacked never mind snarfed by some computer geek on a laptop!

Posted by Krubach
I think the only way to open a bluetooth serial port to a victim's phone with no acceptance, is when the phone is paired with it.

Why the hell would anyone pair the phone with an attacker, by accepting the pairing in the first place!?!??!

_________________
David Bradley (IBM engineer), inventor of Ctrl+Alt+Del:
"I may have invented it, but Bill made it famous".

[ This Message was edited by: Krubach on 2004-02-10 10:47 ]

Posted by laffen
This has been discussed before. See http://www.esato.com/board/viewtopic.php?topic=43767

Also take a look at the comments by a Bluetooth expert from TDK on the theregister.co.uk web site when this was first discussed.

He ends his open letter like this:
...As a Bluetooth manufacturer we've not been approached by A.L. Digital. I've asked them for details of this and look forward to receiving them and putting them to the test. If there is an issue then the Bluetooth industry needs to address it. The people I talk to in the SIG understand the need to get security right and be honest about it - they all saw what the consequence is if you don't - look at the IEEE and 802.11. I suspect that what A.L. Digital have seen is a facet of having previously paired devices and then correlating the subsequent behaviour to that of a pristine, unpaired device. It would not be the first time that mistake has been made.

At the end of the day all security has to come down to the question of what is adequate for the application. In the case of Bluetooth on a mobile phone my interpretation is that the easiest way to get data off the phone is still to nick it. You can't blame Bluetooth for that.


Nick Hunn
Managing Director
TDK Systems Europe Ltd


[ This Message was edited by: laffen on 2004-02-10 12:25 ]


Posted by Krubach
So I was right then...

Posted by andhar
This has been mentioned before, though no one's posted a reply:

Can we assume that the Z600 is vulnerable if the T610 is?

Posted by Babyface
Is there anything that could happen to my phone if the Bluetooth is on (i.e on but not discoverable?)

Posted by vinnieza
some more links:

http://bluestumbler.org/

http://news.com.com/2100-1009_3-5155927.html?tag=cnetfd.buzz

Hope this helps

Posted by 701
I really think u r over-reacting to this. Like MLK said, if they want my contacts they can ask for it, i have nuthin' against donating them. In my country the more ppl call, the more free minutes u get from ur operator, so i'd give 'em my number 1st :D
It's a "fixable" error and it's likely that other errors will appear with time. Just cool it..

Posted by ts_666
they say its possible to access your gprs connection thru bluetooth, even if its not paired.... if u got the right tools, which have yet to see the light of day.... don't get worked up, a phone is a phone, if somebody somehow manages to crash it via bluetooth just go and get it fixed, its not like you have your lifes' work saved on it like you might have on your pc... i'm off to bed, its been a long day

Posted by bionrg
just like viniezza posted, do read http://bluestumbler.org/

the most disturbing fact is that many people don't even know what bluetooth-pairing means, or what eventual hazards can arise from having paired your phone to another one.... in a 'security way' of speaking.


btw. yes Nokia is the easiest to jack, heheheheh
trust me

[ This Message was edited by: bionrg on 2004-02-11 00:06 ]

Posted by rdnymllnsktr
Read this story. Poor Nokia users. Oh well.

Posted by themarques
Ok guys I tried this out today on my way home....I was on train back from work and whipped out my PowerBook to see if anyone had BT enabled.....and well you guessed 3 phones found. So I proceeded to the BT menu in the powerbook, those that are familiar will realise it will only give you 2 options SEND FILE OR BROWSE DEVICE. I proceeded to browse device and the phone in mention was an SE T610. It connected without asking me to pair the phones and I proceeded to see the Sub Directories..... my memory is a bit vague now but it was MY PICTURES, MY SOUNDS AND something else...nothing really important. I then selected a picture this person had in the phone and DELETED IT. NOW BEFORE YOU ALL THINK I AM EVIL...I THEN SENT THE PIC BACK TO HIS OR HER PHONE, and this time it asked for confirmation for the pic to be sent.!!!!!!

So conclusion I guess yes there is some harm that can be done (if you cherish your pic's and sounds) and not much I could see that could be done to damage the phone or use the GPRS.

So I say don't worry too much but don't turn too much of a blind eye on this...

Posted by 392MHz
this last post is a complete bullshit...

you can't even discover a T610 without the owners contribution to set it discoverable...
discoverability lasts for 3 minutes and of course you also need spec. sw.


read this again more carefully ))
http://bluestumbler.org/

[ This Message was edited by: 392MHz on 2004-02-11 22:36 ]

[ This Message was edited by: 392MHz on 2004-02-11 22:52 ]

Posted by 50Cent
JUST TURN UR BLUETOOTH OFF!!!

Posted by havok011101
It was kind of inevitable. I'm sure if i can browse from my computer, someones gonna work out how to do it from a phone nearby!

Posted by wrecked_porsche
OMG !! Panic attack !!
I have a bluetooth Laptop, bluetooth Palm Tungsten T3 PDA and a bluetooth phone !! I'm most worried about my T3 !! The Phone and laptop i dont care too much for reasons already stated in this thread but my T3 ...

Posted by energetic
The following came through my e-mail.


From: PANDA SPAIN >
Subject: Oxygen3 24h-365d [Vulnerabilities in Nokia phones - 02/12/04]
TO :


"It takes two to speak the truth-one to speak and another to hear."
Henry David Thoreau (1817-62); US philosopher.

- Vulnerabilities in Nokia phones -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, February 12 2004 - According to Security Corporation -at
http://www.security-corporation.com/articles-20040209-005.html -
vulnerabilities have been detected which could affect the functionality of
Nokia 6310i phones.

The security problems affecting this particular model stem from Bluetooth
and infra red connectivity. Both of these methods support the Object
Exchange (OBEX) protocol to transfer data to and from the telephone. By
using invalid OBEX messages, it is possible to provoke denial of services
which would cause the telephone to reset. Anyone in range of the phone could
launch the attack.

Nokia has confirmed that the vulnerability affects its 6310i phones. It is
also possible however that other similar Nokia devices could be affected by
malformed OBEX packets.

------------------------------------------------------------

The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's
free online scanner: 1) Mydoom.A; 2)Downloader.L; 3)Bugbear.B; 4)Parite.B;
5)Klez.I.




Posted by Ronnie Biggs
Sony Ericsson advises users to turn off Bluetooth

Sony Ericsson has joined Nokia in admitting that its Bluetooth
phones could be vulnerable to a 'snarfing' attack, meaning
that a hacker can access data even if the phone is not paired
with another Bluetooth device

http://newsletters.zdnetuk.cneteu.net/t/2580/882734/1042/0/


Posted by Jowi
q?

on our phones, even if the is on but its not on discoverable, others may not detect it?

Posted by djpowelly
Just a small idea....

If i have my on, I hold my phone in my hand, to BJack! When a connection is made, the little blue light on my T68i goes mad, meaning something is happening. And also, there is a little data transfer icon on the screen. So it could be detectable, just not that well....

Just my 2 pence!

_________________
One of the only Black T68i's and waiting on a P800!!

[ This Message was edited by: djpowelly on 2004-02-13 11:55 ]


Posted by gelfen
taken from ZDNet Australia

Bluesnarfing tools 'spreading quickly'

By Munir Kotadia, ZDNet UK
17 February 2004

An MP has called for mobile phone manufacturers to make a greater effort and fix the Bluetooth security problems in their handsets after a researcher revealed that software tools enabling a bluesnarf attack are widely available on the Internet.

Bluesnarfing is a method of hacking into a Bluetooth-enabled mobile phone and copying its entire contact book, calendar or anything else stored in the phone's memory. Nokia and Sony Ericsson have admitted some of their handsets are vulnerable and although Sony Ericsson has made an effort to fix the problem, Nokia said the problem is not serious enough to warrant repairing.

Mark Rowe, consultant at security company Pentest, told ZDNet UK that the number of people that know how to perform the attack is quickly increasing and tools that enable the attack are widely available online. "We have been contacted by a number of security researchers that have worked out how to do it themselves without any help from us," Rowe said. "We were concerned when the information was previously published and we were told you need special tools. But in reality, anybody who looked into it in any depth would quickly work out how the attack is possible."

Rowe urged the media not to publicise which tools are used in attacks because this "would make it really easy for somebody to work out what to do". A Web search revealed hundreds of sites distributing the tools.

According to Rowe, the problem lies in how manufacturers implemented the object exchange (OBEX) protocol, which is a common method used by mobile devices to exchange information. "It was a deliberate design decision not to include authentication -- that allows people to [easily] send business cards to each other," he said. But the companies had overlooked that this implementation would also mean files could be transferred back and forth without permission, he said.

Tom Watson, Labour MP for West Bromwich East and a Bluetooth-phone user, told ZDNet UK he is concerned about the privacy of consumers and hopes that mobile phone manufacturers will do more to help fix the problem. "Once again consumers have to bear the brunt of technological failure," he said. "This offers profound threats to people's privacy. The least the sector can do is put matters right," he said.

Rowe advises anyone with a Bluetooth handset to keep it in hidden mode or even better, switch Bluetooth off: "If devices are hidden they are very difficult to find. There are techniques to find hidden devices, but it is a brute-force method that would take a lot of time. If they are not in hidden mode, you can find their address by simply asking," he said.
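
Added example, not part of the thread, the quoted articles or any handset's firmware: a simplified Python model of the two OBEX points raised above (malformed OBEX messages resetting a phone in the Panda bulletin, and unauthenticated file transfer in Rowe's explanation). The `handle` policy, the `paired` flag and the sample object names are assumptions made for illustration; only the opcode, response and header constants come from the OBEX specification.

```python
import struct

# OBEX opcodes (final bit set) and response codes, as defined in the IrDA OBEX spec.
PUT_FINAL, GET_FINAL = 0x82, 0x83
OK, BAD_REQUEST, UNAUTHORIZED, FORBIDDEN = 0xA0, 0xC0, 0xC1, 0xC3
HDR_NAME = 0x01  # object name: length-prefixed, null-terminated UTF-16BE text


class MalformedPacket(ValueError):
    """Raised when a declared length disagrees with the bytes received."""


def parse_request(pkt: bytes):
    """Parse opcode and headers, refusing any packet whose lengths do not add up."""
    if len(pkt) < 3:
        raise MalformedPacket("packet shorter than the 3-byte prefix")
    opcode, declared = struct.unpack(">BH", pkt[:3])
    if declared != len(pkt):
        raise MalformedPacket("declared packet length differs from bytes received")
    headers, pos = {}, 3
    while pos < len(pkt):
        hid = pkt[pos]
        encoding = hid >> 6  # top two bits select how the value is encoded
        if encoding in (0, 1):  # text or byte sequence with a 2-byte total length
            if pos + 3 > len(pkt):
                raise MalformedPacket("truncated header length")
            (size,) = struct.unpack(">H", pkt[pos + 1:pos + 3])
            if size < 3 or pos + size > len(pkt):
                raise MalformedPacket("header length runs past end of packet")
            value = pkt[pos + 3:pos + size]
        else:  # fixed-size value: 1 byte (encoding 2) or 4 bytes (encoding 3)
            size = 2 if encoding == 2 else 5
            if pos + size > len(pkt):
                raise MalformedPacket("truncated fixed-size header")
            value = pkt[pos + 1:pos + size]
        headers[hid] = value
        pos += size
    return opcode, headers


def handle(pkt: bytes, paired: bool, strict: bool = True) -> int:
    """Return the OBEX response code a hypothetical handset service would send."""
    try:
        opcode, headers = parse_request(pkt)
        name = headers.get(HDR_NAME, b"").decode("utf-16-be").rstrip("\x00")
    except ValueError:  # MalformedPacket or undecodable name: reject, never crash
        return BAD_REQUEST
    if paired or not strict:
        # strict=False models the weak behaviour described in the article:
        # every well-formed request is served, paired or not.
        return OK
    if opcode != PUT_FINAL:
        return UNAUTHORIZED  # reading or listing objects requires a paired peer
    if "/" in name or "\\" in name or not name.lower().endswith(".vcf"):
        return FORBIDDEN  # unpaired peers may only drop a business card
    return OK


def build(opcode: int, name: str) -> bytes:
    """Construct a sample request carrying a single Name header (test data only)."""
    raw = (name + "\x00").encode("utf-16-be")
    header = struct.pack(">BH", HDR_NAME, 3 + len(raw)) + raw
    return struct.pack(">BH", opcode, 3 + len(header)) + header


if __name__ == "__main__":
    push = build(PUT_FINAL, "card.vcf")      # constructed: business-card push
    pull = build(GET_FINAL, "contacts.vcf")  # constructed: read request
    for label, pkt in (("push", push), ("pull", pull), ("truncated", pull[:-2])):
        print(label, hex(handle(pkt, paired=False, strict=False)),
              hex(handle(pkt, paired=False)))
```

With `strict=False` the unpaired read request is answered like any other, which is the gap Rowe describes; with the default policy it is refused while a business-card push still goes through.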

Posted by gyrro
Nokia gave an official statement regarding Bluesnarfing problem. They believe it's not important .

http://www.mb.com.ph/TECH200402243153.html

Posted by asadrizvi7
can anyone tell me how actually bluesnarfing is done with T630? everyone seems to be discussing that it's possible but no one has mentioned here how to do it?

Posted by znights
what i heard bluesnarf can only be done via PC/Laptop and a special program. dont think it can be done via cellphone to cell phone.

Posted by joshimar
Have just joined this forum purely to post this to rdnymllnsktr - whoever you are - perhaps you should change your signature from GET YOUR FACTS STRAIGHT BEFORE YOU START POSTING CRAP THAT IS WRONG!!! to
ACTUALLY I'M STUPID

"Dude, are you dumb? Nokia's are the EASIEST TO BLUEJACK!!! Nokia's don't have an option to keep the bluetooth on, but not visible. Nokia's can be bluejacked the easiest!"

Nokia's do have an option to keep bluetooth on but set themselves as invisible

AND

"But how do you tell if a laptop has built-in bluetooth?"

I haven't laughed so much in ages.



Posted by dmb2000uk
You can only bluesnarf within 10m so if ure on the move its no problem. If ur on a train turn bluetooth off!

DMB

Posted by kimcheeboi
@joshimar-no YOURE the idiot...

1. You're so immature you joined a forum because you saw something you didn't like and wanted to attack the person who posted it.
2. Nokias are the easiest to bluejack because you can't turn the bluetooth off. After you send a contact, the phone remains on the bluetooth "send to" menu and you can continue to send contacts.
3. Please, since you're the expert, tell us how you can tell if a laptop has bluetooth.




© Esato.com - From the Esato mobile phone discussion forum