Bluejacking And Now Bluesnarfing

[gungrave]

http://news.zdnet.co.uk/communications/wir...39145881,00.htm

and for wappers. it looks like a new way of bluejacking with ftp bluetooth profile enabled phones lets you browse the inner folder/file structure of any bluetooth device, and this way you can actually "steal" ringtones, images... and contacts.

"
A serious Bluetooth security vulnerability allows mobile phone users' contact books to be stolen. You've heard of bluejacking - now meet 'bluesnarfing'

A security flaw has been discovered in Bluetooth that lets an attacker download all contact details along with other information from a vulnerable phone, while leaving no trace of the attack.

Unlike bluejacking, which is where users can send a message to Bluetooth phones without authorisation, this latest discovery for the wireless-data standard allows data, such as telephone numbers and diary entries, stored in a vulnerable device to be stolen by the attacker. The new exploit is called bluesnarfing.

Bluesnarfing is said to affect a number of Sony Ericsson, Ericsson and Nokia handsets, but some models are at greater risk because they invite attack even when in 'invisible mode' -- in which the handset is not supposed to broadcast its identity and should refuse connections from other Bluetooth devices.

[gungrave]

Nokia: Bluetooth flaw gnaws at phone security

By Munir Kotadia, ZDNet UK
10 February 2004

Nokia has confirmed that some of its Bluetooth-enabled mobile phones are vulnerable to "bluesnarfing," in which an attacker exploits a flaw to read, modify and copy a phone's address book and calendar without leaving any trace of the intrusion.

Networking and security company AL Digital said on Monday that it had discovered a security flaw in Bluetooth, a wireless data standard, that could allow such an attack. The flaw affects a number of Sony Ericsson, Ericsson and Nokia handsets, but some models--including a handful of Nokia phones--are at greater risk because they invite attack even when in "invisible mode," according to AL Digital.

A Nokia representative told ZDNet UK that the Finnish device maker is aware of "security issues" relating to devices with Bluetooth that "(make) it possible to download and modify phone book, calendar and other information on the phone without the owner's knowledge or consent, if Bluetooth is turned on."

However, the representative said the attack was possible only if the phone was in "visible" mode, or when it is set to actively search for other Bluetooth devices. Nokia said that a bluesnarf attack "may happen in public places, if a device is in the visible mode and the Bluetooth functionality is switched on. The phones vulnerable to 'snarf' attack include the Nokia 6310, 6310i, 8910 and 8910i phones as well as devices from another manufacturer."

According to Nokia, if an attacker had physical access to a 7650 model, a bluesnarf attack would not only be possible, but it would also allow the attacker's Bluetooth device to "read the data on the attacked device and also send SMS messages and browse the Web via it."

The company said it had not been able to recreate this backdoor attack on the 6310 handset, and would not confirm if other models were vulnerable to it.

Nokia also said that its 6310i handset is vulnerable to a denial-of-service attack when it receives a "corrupted" Bluetooth message: "A DoS attack would happen if a malicious party sends a malformated Bluetooth...message to reboot a victim's Nokia 6310i. We have repeated the attacks and found that there are some corrupted Bluetooth messages that could crash the Nokia 6310i phone," said the representative, who sought to reassure customers by saying that following the crash, the phone will reset and function normally.

A Sony Ericsson representative told ZDNet UK the company is "looking into" the matter and expected to make a statement on Tuesday.

Handsets at risk
England-based AL Digital said that the risk of a bluesnarf attack was highest for the four phone models listed by Nokia. Some models were described as more vulnerable than others in invisible mode, in which the handset is not supposed to broadcast its identity and should refuse connections from other Bluetooth devices.

"On some models of phone, you are only vulnerable to attack if you are on visible mode; however, there are other models of phones where you are vulnerable even in nonvisible mode," said Adam Laurie, chief security officer at AL Digital.

AL Digital has developed several proof-of-concept utilities, but has not released them, Laurie said. The utilities include Bluestumbler, designed to monitor and log all visible Bluetooth devices (name, MAC address, signal strength, capabilities), and identify the manufacturer from MAC address lookup; and Bluesnarf, which can copy data from a target device.

According to AL Digital's Bluestumbler Web site, vulnerable phones include: Ericsson T68; Sony Ericsson R520m, T68i, T610 and Z1010; and Nokia 6310, 6310i, 7650, 8910 and 8910i.

Laurie said he discovered the problem when he was asked to test how safe Bluetooth devices actually were. "Before we deploy any new technology for clients or our own staff, one of my duties is to investigate that technology and ensure it is secure--actually rolling your sleeves up and looking at it, not just taking the manufacturers' claims at face value. When I did that, I found that it is not secure," he said.

According to Laurie, he can initiate a bluesnarfing attack from his laptop after making a modification to its Bluetooth settings. "It is a standard Bluetooth-enabled laptop, and the only special bit is the software I am using in the Bluetooth stack. I have a modified the Bluetooth stack, and that enables me to perform this attack," he said.

Bluesnarfing has huge potential for abuse because it leaves no trace and victims will be unaware that their details have been stolen, Laurie said. "If your phone is in your pocket, you will be completely unaware."

Although the problem may affect other Bluetooth devices, such as laptops, Laurie said they are more difficult to target because the systems are more complex. "(Mobile phones) are liable to be more vulnerable simply because the resources for menus and configuration are limited. Manufacturers try and make Bluetooth simple to use on phones, so you don't have much granularity in setting options. On a lot of phones, Bluetooth is either on or off," he said.

Laurie said that for now, there is no fix available. He said that the only way to be completely safe is to switch off the Bluetooth functionality.

Nokia will not be releasing a fix for its devices in the near future because the attacks are limited to "only a few models" and it does not expect them to "happen at large," the Nokia representative said. The company is advising customers in public places to set their phones to invisible or switch the Bluetooth functionality off.

"In public places, where the above-mentioned devices with Bluetooth technology might be targets of malicious attacks--at least in theory--the safest way to prevent hackers is to set the device in nondiscoverable mode--'hidden'--or switch off the Bluetooth functionality. This does not affect other functionalities of the phone," the Nokia representative said.

[gungrave]

more info on it.
http://news.com.com/2100-1009_3-5155...ag=cnetfd.buzz

[enoughfakefiles]

There was a piece on the telly about this this weekend don`t they have to be with a couple of meters of you to steal your info.The bloke also said that you can tell that your being hack by a symbol on your phone as well.

[Peerzy]

Originally posted by enoughfakefiles@18 April 2004 - 15:40
There was a piece on the telly about this this weekend don`t they have to be with a couple of meters of you to steal your info.The bloke also said that you can tell that your being hack by a symbol on your phone as well.

They use hi-tech laptops with bluetooth built in to hack you, they have a range of 100meters in closed conditions ofcourse outside its much more. It will go through walls as well. They can steal your contracs, pictures and most importantly if your phone has a secret money are where you store bank pin codses ect they can get them. It would only take about a minute to get over 150 contracts and a low quality image for each one of them, and the sign on the phone is a small dote that will apear at the top of the screen. not very noticable at all. Phone effected are the series 60 phones (7650, 3650, N GAGE and 6600) and most Sony erricson's However some phones are able to block ut these signals and only 30% of the phones currently Bluesnafable would be prone to attack

[zacspeed]

Yeah, they can tell what you had for dinner too

[Snee]

Originally posted by peerzyboy@18 April 2004 - 21:12
(7650, 3650, N GAGE and 6600)

you have to have an open bluetooth connection you know, for them to get in there.

You are only supposed to do that when you transfer files, keeping it open otherwise would just drain your battery.

[Peerzy]

Originally posted by SnnY+8 May 2004 - 19:08--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (SnnY @ 8 May 2004 - 19:08)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-peerzyboy@18 April 2004 - 21:12
(7650, 3650, N GAGE and 6600)

you have to have an open bluetooth connection you know, for them to get in there.

You are only supposed to do that when you transfer files, keeping it open otherwise would just drain your battery. [/b][/quote]
I leave my bluetooth on my 3650 on all the time as in it hasnt been off since brought it nd i get 4 days without a charge easy.

[bujub22]

damn hacker got nothing better to do

[DanB]

Originally posted by peerzyboy+8 May 2004 - 20:10--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (peerzyboy @ 8 May 2004 - 20:10)</td></tr><tr><td id='QUOTE'>

Originally posted by SnnY@8 May 2004 - 19:08
<!--QuoteBegin-peerzyboy

@18 April 2004 - 21:12
(7650, 3650, N GAGE and 6600)

you have to have an open bluetooth connection you know, for them to get in there.

You are only supposed to do that when you transfer files, keeping it open otherwise would just drain your battery.

I leave my bluetooth on my 3650 on all the time as in it hasnt been off since brought it nd i get 4 days without a charge easy. [/b][/quote]
Does that mean you are prime for teh bluejacking Peerzy?