| Author |
Nokia releases 'invisible' Bluetooth security fix |
axxxr
Joined: Mar 21, 2003
Posts: > 500
From: Londinium
PM, WWW
|
Six months after saying the 'bluesnarfing' vulnerability in its handsets wasn't serious enough to fix, Nokia says it has released software upgrades for five of its handsets.They're just a bit hard to find.
More than six months after admitting there was a Bluetooth security flaw in a number of its mobile phone handsets, Nokia said it has released a software upgrade that fixes the vulnerabilities.
In February, Nokia and Sony Ericsson admitted that some of their Bluetooth-enabled mobile phones were vulnerable to "bluesnarfing", in which an attacker can read, modify and copy a phone's address book and calendar without leaving any trace of the intrusion.
Some handsets contained an even more serious vulnerability that allowed the phone to be "taken over" by the attacker, who could then use it to make phone calls, send text messages or even modify the handset's settings.
Once the problems were discovered, Sony Ericsson offered to update any affected handsets but Nokia said it did not think the vulnerabilities were serious enough to warrant an upgrade.
However, following pressure from customers, Nokia announced in May that it would provide a software upgrade in "the summer" but did not set a firm date for its release.
On Thursday, Nokia confirmed that it had released updates for five of its handsets and reiterated that it will issue fixes for all remaining vulnerable devices by the end of the summer.
"Nokia will introduce a software update in summer 2004 to address Bluetooth security in certain Nokia mobile device models. For many of them (Nokia 6230, Nokia 6650, Nokia 6810, Nokia 6820, Nokia 7200) the upgrade is already available," Nokia said in a statement.
However, Nokia could not clarify exactly where customers might get hold of the patches or even whether they will be able to apply it themselves.
Further details are expected in the near future.
Security experts have said it is important that users do upgrade their phones because more cracking and hacking Web sites have started publishing software tools designed to help nontechnical users launch a bluesnarfing attack.
Tim Ecott, manager of the S3 (ethical hacking) team at security firm Integralis, said bluesnarf "cook books" are starting to appear.
"Rest assured they do exist. They are certainly not widespread at this stage but there are a number of locations where this code is exchanged and explored by various people. Our company is aware of some of these locations and has used some of the information to develop code to test the vulnerability in the first place," Ecott said.
Mark Rowe, an IT security consultant at Pentest, which was one of the companies that first discovered the problem, said more people are learning how to carry out bluesnarfing and similar attacks; and because the upgrade hasn't been made available, the only way users can guarantee their safety is by turning Bluetooth off.
But Integralis's Ecott said Nokia was probably not treating the matter with great urgency because overall the risk is relatively low. He said a potential victim would need to have a vulnerable phone with Bluetooth switched to visible; then they would have to be in close proximity to the attacker; and finally, the bluesnarfer would need some reason to attack their particular phone.
"If you are at an airport with a bit of time to kill, you could sit at a hot spot and try and get on the Web via someone else's phone. There are examples where all the required conditions may well come together, but not in sufficient numbers to cause Nokia to lose any sleep," Ecott said.
[addsig] | |
|
rdnymllnsktr
Joined: Feb 04, 2004
Posts: > 500
From: California, but now in Plano,
PM, WWW
|
Jerks. There are trillions of people in the world, so that means there'll be at least thousands of opportunities for bluesnarfers to bluesnarf. Also, I read somewhere that some phones (SE) need only to have the bluetooth on, not visible.
This message was posted from a T616 |
swipe108
Joined: Mar 18, 2004
Posts: 264
From: Philippines
PM |
not trillions just billions. around 7-8 billion. and only a small fraction have bluetooth enabled phones. most of them nokia users since they're the world leader in mobiles  |
switchbitch
Joined: Apr 29, 2003
Posts: > 500
From: ELF Pap Cop (Avatar pending)
PM, WWW
|
Bluesnarfing is just another way to have fun pissing people off. There are lots of people in the world and there are lots of ways to piss people off. Bluejacking, bluesnarfing, and propping water filled wheelie bins against peoples front doors then ringing the bell before running away* all get thumbs up from me. 
*aka 'Flash flood'
[addsig] | |
|
Access the forum with a mobile phone via esato.mobi
|
Posted: 2004-07-22 17:38
