Bluesnarfing At CeBIT 2004

← Back to Stories (view on slashdot.org)

Posted by timothy on Wednesday March 31, 2004 @06:10AM from the not-dirty-toothing dept.

La^2 writes "The Austrian research company Salzburg Research did a field trial at the CeBIT 2004 that confirms the seriousness of the recently discovered bluetooth security loophole in the firmware of popular mobile phones. In this trial, 1269 unique bluetooth-enabled devices were discovered, and their vulnerability to the so-called SNARF attack checked. The report on this bluesnarfing at large scale has interesting statistics, which may not please some of the vendors." (And the CeBIT version of Knoppix was apparently being used to slurp up and display Bluetooth phone information, too.)

8 of 104 comments (clear)

Min score:

Reason:

Sort:

Bluesnarfing by spellraiser · 2004-03-31 06:20 · Score: 4, Informative

I had to google for this one ...
Basically, Bluesnarfing is an exploit of a Bluetooth vulnerability to access data stored on the mobile device.
A more detailed explanation can be found here

--
I hear there's rumors on the Slashdots
Re:What about Palm devices? by System.out.println() · 2004-03-31 07:06 · Score: 2, Informative

It looks like they were just testing phones with this.

If you're interested, I'd suggest running some tests yourself - find some Palms with BT, try to get some data, and see if they ask the user first.

--
I've got more mod points and GMail invi
Re:Spammers by EricWright · 2004-03-31 07:46 · Score: 2, Informative

I have the SE t68i. You are only supposed to be able to connect to it via bluetooth when the phone is in discoverable mode. The window for discoverable mode is 3 minutes on my phone, and when any device tries to pair with it, I put in a password (ie, it's not a stored password) and the other device has to enter the same password.

I think the point of bluesnarfing is exploiting a bug in the bluetooth stack that bypasses the discoverable mode requirement and the one time password pairing step.
The most interesting bit.... KNOPPIX 3.4! by Anonymous Coward · 2004-03-31 08:08 · Score: 1, Informative

Knoppix 3.4 is out, (but not yet on mirrors).

Anyone have a torrent
Re:bluetooth keyboards? by blueserker · 2004-03-31 10:00 · Score: 2, Informative

this only impacts phones and the data on them... go get your keyboard http://www.blueserker.com

--
http://www.blueserker.com
Just for clarification of the Linux discussion by 1337Martin · 2004-03-31 10:13 · Score: 2, Informative

As the author of the bluesnarf report and an important member of the team that did the experiment, I can tell you that Slackware Linux 9.0 distribution was used as a basis. In addition to this, Bluez and a recent linux kernel (linux-2.6.2) has been installed on this system. I like Knoppix very much, though. It gives Microsoft users a fair chance to seriously think about getting rid of their expensive bugware. Linux forever ;)
Re:Spammers by 1337Martin · 2004-03-31 10:26 · Score: 2, Informative

Confirm. SMS-spamming from other people's phones is possible!
In perspective by SiliconEntity · 2004-03-31 14:48 · Score: 2, Informative

To put it into perspective, out of 1269 Bluetooth enabled phones detected, only 46 were vulnerable to the attack. And the manufacturers are upgrading the firmware so that newer models are immune.