Nokia Admits Multiple Bluetooth Security Holes
An anonymous reader writes "Nokia has admitted that four of its handsets (6310, 6310i, 8910 and 8910i) have multiple security vulnerabilities that can allow an attacker to read, edit and copy the contacts and calendar entries using Bluetooth. This admission comes after a ZDNet UK article published earlier today. The spokesperson advises customers to switch off Bluetooth in public places!" For more information, see the bluesnarfing site pointed out by reader profet.
Great, not a single Mac OS X app can correctly address my 6310i, but Joe Random Hacker can? Urgh. I need to get my priorities straight.
Research is what I'm doing when I don't know what I'm doing.
Old news. The concept of hijacking bluetooth links was first mentioned here back in November.
But I guess Nokia finally admitting they have an issue is interesting. I wonder what the other Bluetooth capable device manufacturers do about this???
What's happening with Bluetooth happened with wireless networks.
What happened with wireless networks happened with anonymous ftp servers.
What happened with anon ftp servers happened with telnet access (you remember the "guest" login provided by most hosts?).
Every time a new technology is used there are some flaws with it. No big deal.
a fresh list of emai^H^H^H^H telephone numbers so you can send your email marketing to?
Keep It Simple Stupid. Phones are tools. We don't "need" them to be fully featured akin to a full OS. Today we have Bluetooth holes in a few phones. What's next tomorrow on MSFT Smart Phones? Hackers turning in using your line to call 0900 numbers? People hacking your e-wallet? When it comes to commodity devices we should make sure they do reliably and securely work. I don't expect anything less.
Artificial intelligence is no match for natural stupidity
Is Bluetooth upgradeable and How?
most people would probably be better off without the wheel.. but try telling them..
These days we have all possible material about encryption available publicly. We have RSA, we have digital signatures, we have freely available software which can create perfectly encrypted material which would give bad headaches to the NSA if they had to crack it, even I can encode anything with gpg.
Yet, a mobile-phone giant does this. Are they just plain stupid, or is this another example of the wonders of social science? I can't help thinking how intelligent an ant nest can be though ants singularly are so stupid, and how an organization with some of the brightest engineers on the planet can act so carelessly.
Victims of 9/11: <3000. Traffic in the US: >30,000/y
when things aren't built from the ground up with security in mind, there is likely to be some compromise for the sake of ease of use, when security issues come to mind. apart from the fact that any form of wireless communication is prone to be insecure! think about it.. ARGH THE GOVERNMENT IS LISTENING TO MY PHONE CALLS!!
tim
... if these are the only Nokia models which are affected by this vulnerability.
What about other models that have Bluetooth? Are they safe from this security hole?
If you turn Bluetooth off, you're invulnerable and your batteries will last longer.
It's never too late to have a happy childhood.
Bluetooth was built from the ground up with security in mind, obviously Nokia totally boggled this.
--- I do not moderate.
There's always someone who wants it. ;)
Bluetooth phones at risk from 'snarfing'
Munir Kotadia
ZDNet UK
February 09, 2004, 14:15 GMT
A serious Bluetooth security vulnerability allows mobile phone users' contact books to be stolen. You've heard of bluejacking - now meet 'bluesnarfing'
A security flaw has been discovered in Bluetooth that lets an attacker download all contact details along with other information from a vulnerable phone, while leaving no trace of the attack.
Unlike bluejacking, which is where users can send a message to Bluetooth phones without authorisation, this latest discovery for the wireless-data standard allows data, such as telephone numbers and diary entries, stored in a vulnerable device to be stolen by the attacker. The new exploit is called bluesnarfing.
Bluesnarfing is said to affect a number of Sony Ericsson, Ericsson and Nokia handsets, but some models are at greater risk because they invite attack even when in 'invisible mode' -- in which the handset is not supposed to broadcast its identity and should refuse connections from other Bluetooth devices.
Adam Laurie, chief security officer at UK networking and security firm AL Digital, told ZDNet UK that the Nokia 6310, 6310i, 8910 and 8910i models were at greatest risk. "On some models of phone, you are only vulnerable to attack if you are on visible mode; however, there are other models of phones where you are vulnerable even in non-visible mode," he said.
Laurie said he discovered the problem when he was asked to test how safe Bluetooth devices actually were. "Before we deploy any new technology for clients or our own staff, one of my duties is to investigate that technology and ensure it is secure. Actually rolling your sleeves up and looking at it, not just taking the manufacturers' claims at face value. When I did that, I found that it is not secure," he said.
According to Laurie, he can initiate a bluesnarfing attack from his laptop after making a modification to its Bluetooth settings: "It is a standard Bluetooth-enabled laptop and the only special bit is the software I am using in the Bluetooth stack. I have modified the Bluetooth stack and that enables me to perform this attack," he said.
Bluesnarfing has huge potential for abuse because it leaves no trace and victims will be unaware that their details have been stolen: "If your phone is in your pocket, you will be completely unaware," he said.
Laurie said he has had trouble getting the major handset manufacturers to admit the problem exists: "I have had experts telling me that it can't possibly exist because they have been trying to do this and failing."
Although the problem may affect other Bluetooth devices, such as laptops, Laurie said they are more difficult to target because the systems are more complex: "Mobiles are liable to be more vulnerable simply because the resources for menus and configuration are limited. Manufacturers try and make Bluetooth simple to use on phones, so you don't have much granularity in setting options. On a lot of phones, Bluetooth is either on or off," he said.
Laurie said that for now, there is no fix available. He said that the only way to be completely safe is to switch off the Bluetooth functionality.
AL Digital has developed several proof-of-concept utilities, but has not released them into the wild, said Laurie. They include: Bluestumbler, to monitor and log all visible Bluetooth devices (name, MAC address, signal strength, capabilities), and identify the manufacturer from MAC address lookup; and Bluesnarf, which can copy data from a target device.
According to AL Digital's bluestumbler Web site, vulnerable phones include: Ericsson T68; Sony Ericsson R520m, T68i, T610 and Z1010; and Nokia 6310, 6310i, 7650, 8910 and 8910i.
Nokia and Sony Ericsson were not immediately available for comment.
No one wanders about with their phone whilst it is discoverable anyway.
Looked more like an attempt to get advertising for their hosting company to me.
I was interested to see the Z1010 on the list when the commercial version isn't out yet.
I can't believe this, a company as big as Nokia making a mistake as stupid as this?
I thought most people would have learned something on the WiFi fiasco by now, especially Nokia (who also make security products such as firewalls by the way)
Now let's see if they're dedicated enough to their customers to fix this problem quickly.
In the meantime, it's a good idea to keep this on the headlines of the media.
On another note, I'd be interested about other bluetooth-enabled devices - handsfree headset? iPAQs? Palm? Sony Clies?
Some companies already do, I'd imagine, but surely the solution would be to employ - and pay decently - people who've highlighted vulnerabilities in previous products/systems to go at phones/etc like the clappers, trying to find any vulnerabilities. Granted, few products are going to be 100% secure but surely it'd be better than holes like this cropping up.
The ad I got on the page with that article...
Advertising Nokia as a business mobility solution. Want to keep your business contacts a secret?
Except that Nokia have built Bluetooth support only into a limited number of phones, mainly those aimed at the "business market". For instance, my 6800 has almost every conceivable option but no Bluetooth.
I can't guess their reasons for not including Bluetooth with all their more expensive models, since it can't cost more than one Euro or so, but at least it means that of all the phones out there, relatively few are exploitable.
Ceci n'est pas une signature
Well I could carry:
pocket phone book
diary
electronic game
alarm clock
laptop for connecting to the net
any other odds and sods, but if they are all in one thing, it's lighter on my pockets.
Who'd want to hack an N-Gage?
You have to turn off bluetooth functionality to be safe..
Nokia is vulnerable to both having the device detect on and off in the hacks..
according to the bluestumbler.org site..
Don't Tread on OpenSource
Nokia is not the only phone maker with broken or stupid bluetooth implementations. Just look at the Siemens S55 which by default (when bluetooth is on) accepts any kind of files and saves them to your phone's inbox. Also it has several bugs, like the Nokia. I have set up a small website (http://www.betaversion.net/btdsd/) with a currently very small list of bluetooth capable phones with their security settings and bugs. I tell you bluetooth will be real fun in the future :-)
Interestingly from what I have read about the security vulnerabilities with the *five* models affected by this (Nokia 6310, 6310i, 8910, 8910i and 7650), Nokia has confirmed only that the 7650 has the problem. Also reported that some SonyEricsson phones would have similar vulnerabilities, but it was not stated which models. So, I take it that at least these five Nokia phones have the Bluetooth holes. But what is interesting is that different news-feeds report Nokia confirming/denying different models! What this really tells us is that the writers of the news themselves are either: 1) Too lazy to look it up from Nokia itself. 2) Too naive to take some other newsfeeds info as a fact. 3) Too inexperienced to check the validity of the info. 4) Too ??? to ??? So, who made the mistake? ALL the "reporters" who did not check the validity of the news by themselves straight from the source.
If all else fails, pull the plug and get out...
The Life is out there...
Doesn't seem smart to me. Admit there is a vulnerability then say you aren't going to fix it. I'm surprised they didn't say the "fix" would be released in the next versions of the affected phones and customers would need to upgrade following their easy and costly upgrade path.
Of course a bulk enterprise license would cover any future upgrades but you would still have to buy a license for each phone call you make with the new phone.
I'm not a karma whore but I play one on Slashdot
I'm glad I still have my old 3210. As long as it continues to make a noise when someone dials it and transmit my voice and their voice in mutually opposite directions when answered, then I have no reason to replace it.
When you're sending data over the air, then you have no way of knowing who is listening. That's why my home LAN is wired -- so I at least know if anyone is tapping me, then they must be on the inside. And I wouldn't trust the phone companies to build in any kind of security either; MI5 would never let them get away with it. You should assume any part of the network you can't see is tappable if not actually tapped. The best form of telephone security is to keep all messages short and hope they aren't listening when you're speaking.
Je fume. Tu fumes. Nous fûmes!
I think I have a 6310 from the first batch. Never bothered to flash it because I rarely use it.
This one does not have the vulnerability. You see, if you switch bluetooth on, the whole phone crashes immediately.
Bot Assisted Blogging
Well, I guess it was worth those 48 hours of carefree wireless toying...
Have Linux installed at your place in Amsterdam, for cheap
Curious, why don't all wireless devices use something like SSH?
That's why my home LAN is wired -- so I at least know if anyone is tapping me, then they must be on the inside.
This isn't true -- you can pick up (copper) LAN signals from a reasonable distance, which is why the military always uses fiber outside of shielded environments. At least when sensitive data is expected to travel along the pipes.
The most obvious way to test this is to place an ordinary FM radio antenna along the network wire and see how much junk you are picking up; you can clearly hear the intensity of the network traffic.
I heard this traffic when sitting in my car in the company parking lot at one of my previous jobs and so knew when the builds were done.
Granted, the equipment is fairly expensive, but don't think for a second that you're safe because you're wired. Wires leak like hell.
Warphoning? Grossly overused prefix, but I'm surprised no one else has mentioned it.
I wonder how long it takes before people using voice dial find themselves calling Elbonia..
If nothing has changed since AL Digital released it on bugtraq, then the most serious issues only affect phones that have previously been paired with the attacking Bluetooth device.
This means that you have to have given the attacker access to privileged services at one point in time, and then deleted him.
If you had not deleted him, he would obviously still have access.
But it is the missing deletion that is the problem.
You should not pair your device with any devices except your own. Your PDA requires to be paired with your Phone, Laptop, and access point, so it can dial up, synch, and have LAN access etc. But you don't have to pair it to send your business card to somebody else. There is no reason to pair with Joe Hacker's device. So for most of the cases described by AL Digital it is just a bad implementation which does not affect the majority of users.
For the rest of the cases it is also a bad implementation by Nokia and "possibly other manufacturers", it is not a vulnerability in the protocol.
-1 Irritating Luddite. -1 Shut your stupid piehole. -1 Opinionated asshat. -1 Nobody cares what you think.
Well that is just about all of the bluetooth phones out there then?
We apologise for the fault in this post. Those responsible have been sacked. -- Signed RICHARD M. NIXON
i got the n-gage (Cmon hate me) and it's got a turn off bluetooth function, whenever there is bluetooth activity, the little bluetooth icon changes
*resistance is futile, or fuzzy, i dunno*
If you Google for the above, you'll find that Nokia's implementation of Bluetooth on this phone has been absolutely horrendous. Nokia is phasing out / has phased out the 6310i in the US and I managed to snag one on closeout at the AT & T Wireless Store for $29.95! I picked it because it had Bluetooth and because it was also the only US-sold phone that worked with a very cool car stereo handsfree kit made by Alpine (integrated Caller ID on the radio display, etc.) But apparently their implementation of Bluetooth only works with the Nokia Bluetooth Adapter (which of course costs twice as much as "generic" adapters like my D-Link). So I called the Nokia service center and arranged to send my phone in to get the firmware updated. I got it back about a week and a half later, and although they had updated the firmware the Bluetooth connection between my PC and the phone *still* wouldn't hold when trying to start up the Nokia PC Suite software! I gave up, bought the serial cable for $15 on eBay and had my contacts synced to my phone inside of 10 minutes. Other than the (lack of) Bluetooth support, I love the phone. The battery life is especially outstanding, and since they've started to phase it out, you can pick up the accessories on eBay for very cheap.
...Whenever I try to open a text message from a friend, I get some message trying to sell me cheap Viagra knockoffs...
This is my sig. There are many like it, but this one is mine.
I'm considering getting one as a package with a Palm T3.
If you don't want to repeat the past, stop living in it.
Dear Nokia customers,
Due to the latest security problems involving our phones and Bluetooth, we recommend you write your complete address book and contacts on a piece of paper and store it in a safe place. Also, since our phones explode it is best that you stay more than 10 feet away from them at all times. This will ensure both safety of your information on the phone and yourself.
well as soon as I can get a "normal" (1) phone with Bluetooth out here in the States, I'll worry about it.
Winton
(1) Normal -> one without a 15" color screen, video camera and gamepad attached.
Kind of makes you glad recalls of non-software products don't work the same way.
Like a cell phone, or something. (Which, of course, was probably your point.)
Carthago delenda est!
PhoneManager claims it can transfer contacts to/from a 6310i using bluetooth. It doesn't work without a cable for my non-i 6310 so I haven't tested it.
Trollem mirabilem hanc subnotationis exigiutas non caperet
You sure don't need emacs with this MS-DOS editor ;-]
Submitted yesterday to Slashdot at 1200 PST, filed in a locked cabinet in the basement lavatory with a sign stating "BEWARE OF THE LEOPARD" was this posting:0 27ef9a.155 09562%40news.individual.de
t ic leID=17601809
http://groups.google.com/groups?&selm=4
AL Digital
http://www.aldigital.co.uk/
announced Nokia 6310, 8910 and 8910i mobiles were found to be at greatest risk to having their data copied without the owner's consent with a crack attack over Bluetooth.
The security papers (links, below) suggest keeping some other models of Bluetooth-capable mobiles 'invisible' to other devices may prevent data within the phone from being copied with a 'SNARF attack.' At worst, only the data within the phone itself could be abducted, so if you don't keep data in it, and instead keep data within a PDA or notebook, the risk to you is low.
Yeah, welcome to the 21st century.
However, the authors apparently got the brush from Sony-Ericsson, Nokia and the Bluetooth standards body when they raised the issue, so further attention seems merited.
http://www.commsdesign.com/showArticle.jhtml?ar
http://www.bluestumbler.org/
The latter URL has a number of references and leads to web pages for the cracking software cited, and it looks like AL Digital may have done their homework.
There is nothing wrong with yr Internet. Do not attempt to adjust the picture. We are controlling the transmission - NSA
The article strikes me as being somewhat sensationalist, not least because of the so-called proof of concept tools mentioned. Asking a hub to perform a scan for the information gathered by "bluestumbler" is trivial. It has to be, because that is exactly what all those 'scan for devices' apps do anyway. Similarly "bluebrowse" sounds like nothing more than sdptool, an app which browses for services on local devices. Again, your phone is capable of doing this so I can't help but wonder what l33t secret methods this could possibly employ. As for the ability to discover non-discoverable devices, this is based on a referenced paper for the Red Fang tool, as far as one can see, which is essentially about using a brute force attack against the last 6 bits of the local device addresses. This does in fact appear to work as claimed, because even an invisible device will respond if addressed by name (and so they should). However, attacks can take up to 11 hours it seems, by which time one might be expected to have noticed the geek with the laptop who's been following you around all day trying to pwn your business card.
Yes, there are going to be some vulnerabilities somewhere in the protocol, but nothing presented here seems to demonstrate that, only that some manufacturers have implemented the protocol badly, but hey, what's new there? -I personally have great fun pushing notes to T610 owners telling them they've been hacked.
Overall bluetooth is pretty secure, and version 1.2 will be stronger yet. Yet from these comparatively minor glitches in the implementations in mobile phones, they seem intent on making it out to be a condemnation of the entire bluetooth standard.
The article was alarmist, and such problems as there are are not worth turning off your bluetooth for, as A.L security seem to recommend. I'd go so far as to say that this is little more than a young security startup company trying to get some attention with a little scaremongering.
mike_c
... i like this kind of news. Then you hit the bluekey and bang! my neighbor's right there to f00l in 123 - just gotta wait now...
I Always have a nice time on slashdot.
Damn it... What the hell does this mean ? :(
U R OwN3D - R00t
This is what my poor Nokia has been displaying for the past four days
nokia handsets have any vulnerabilities?? What a surprise! Wake me when Motorolas will have any.
:)
.NET, use outlook and explorer and access your Nokia and pocket pc through ms briefcase-synchronise-alike tools. All of the mentioned things have proven to be 100% unreliable, vulnerable, clumsy and sometimes dangerous to business of safety/health.
For all the history all of Nokia hardware, both wireless radiolinks and consumer electronics, was ultracrappy and vulnerable to anything, even failing when not in use
Just avoid buying crappy things, and will be in safety.
To those who want to argue - buy ms windows, get on ms