Nokia Admits Multiple Bluetooth Security Holes
An anonymous reader writes "Nokia has admitted that four of its handsets (6310, 6310i, 8910 and 8910i) have multiple security vulnerabilities that can allow an attacker to read, edit and copy the contacts and calendar entries using Bluetooth. This admission comes after a ZDNet UK article published earlier today. The spokesperson advises customers to switch off Bluetooth in public places!" For more information, see the bluesnarfing site pointed out by reader profet.
Bluejacking is just where you send a contact to available phones, and it just used to startle people. This is nothing to do with bluesnarfing which is the hacking/changing data!
Go in to System Preferences, click Bluetooth applet, check "Support Non-Conforming Phones".
IRC: Grounded0 @ IRCnet. "I was lucky get into computers when it was very young & idealistic industry" -Steve Jobs
According to this article (in Finnish) Sony Ericsson is going to give a statement on Tuesday. Possible vulnerable SE models include R520m, T68i, T610 and Z1010.
Bluetooth was built from the ground up with security in mind, obviously Nokia totally boggled this.
--- I do not moderate.
Application platform, misc. servers & UI apps (UIQ, Series 60, ...)
Symbian OS (kernel, middleware)
Some sort of Manufacturer RTOS for running a GSM stack, for which Symbian doesn't quite cut it.
;)
These devices are far from simple. Given what you can do on this size of device, I wonder why someone doesn't make a solid state PC, with a few seconds boot time, and no noise. Wireless keyboard, monitor, mouse and LAN. (I don't mean a laptop).
I think the thing you mentioned (running up someone's bill, on 0900 numbers, or otherwise) has already happened long ago, but by faking the SIM. I think the original GSMs had a fairly large security flaw related to the encryption key.
Or you could just steal someone's phone.
There are problems with Bluetooth by design. For one thing, no wireless protocol for interaction between devices can be truly secure unless peering requires physical contact between them (I place my phone next to my laptop, but the spook across the street has a directed antenna that is a thousand times stronger than the phone...)
It isn't like this hasn't come up before, Schneier predicted that Bluetooth would be a security nightmare three and a half years ago! Quoting:
What amazes me is the dearth of information about the security of this protocol. I'm sure someone has thought about it, a team designed some security into Bluetooth, and that those designers believe it to be secure. But has anyone reputable examined the protocol? Is the implementation known to be correct? Are there any programming errors? If Bluetooth is secure, it will be the first time ever that a major protocol has been released without any security flaws. I'm not optimistic.
And what about privacy? Bluetooth devices regularly broadcast a unique ID. Can that be used to track someone's movements?
The stampede towards Bluetooth continues unawares. Expect all sorts of vulnerabilities, patches, workarounds, spin control, and the like. And treat Bluetooth as a broadcast protocol, because that's what it is.
You have to turn off bluetooth functionality to be safe..
Nokia is vulnerable to both having the device detect on and off in the hacks..
according to the bluestumbler.org site..
Don't Tread on OpenSource
I have my phone (non-Nokia) on discoverable all the time for convenience. I run Mac OS X, and use the Address Book application to send SMS messages via the phone. I also have iSync configured to automatically sync my address book once a day when the phone is in the vicinity of the Mac. I don't notice a major drain on the battery with Bluetooth kept on. Having to disable it every time I went outside would be very annoying.
You only need to be discoverable when you are pairing. After that you can keep bluetooth on and it is _supposed_ to only talk to those devices you know about.
If nothing has changed since AL Digital released it on bugtraq, then the most serious issues only affect phones that have previously been paired with the attacking Bluetooth device.
This means that you have to have given the attacker access to privileged services at one point in time, and then deleted him.
If you had not deleted him, he would obviously still have access.
But it is the missing deletion that is the problem.
You should not pair your device with any devices except your own. Your PDA requires to be paired with your Phone, Laptop, and access point, so it can dial up, synch, and have LAN access etc. But you don't have to pair it to send your business card to somebody else. There is no reason to pair with Joe Hacker's device. So for most of the cases described by AL Digital it is just a bad implementation which does not affect the majority of users.
For the rest of the cases it is also a bad implementation by Nokia and "possibly other manufacturers", it is not a vulnerability in the protocol.
While I can use my 6310i as a modem for my Mac with no problems, I can't access the phone book in it, which is highly annoying, and using 'Support non-conforming phones' hasn't made any difference to that.
It's a shame - this is something the Sony/Ericsson phones do very well, but I still prefer Nokias overall (mainly because of their interface.)
"What if they're using IE?" "I've dumbed Mozilla down to cope with it." - BOFH
There is a shared pin code which is entered into both devices. If this pin code is short, as it typically is for low-security applications, then you have a point.
What's important, though, is that a shared key is negotiated without being sent over the wire. It may be possible to brute-force the pin with data captured from the initial authentication run, or there might be an attack against the key generation or encryption, but the "physical connection" you claim is required is only one way of ensuring that authentication data isn't sent over the radio channel.
Well that is just about all of the bluetooth phones out there then?
We apologise for the fault in this post. Those responsible have been sacked. -- Signed RICHARD M. NIXON
No it doesn't wipe anything, even my call timers were still intact after upgrading the firmware.
PhoneManager claims it can transfer contacts to/from a 6310i using bluetooth. It doesn't work without a cable for my non-i 6310 so I haven't tested it.
Trollem mirabilem hanc subnotationis exigiutas non caperet