Hackers can attack Bluetooth devices

0comments
Hackers can attack Bluetooth devices
Bluetooth is a low power radio technology replacing the need for wires connecting electronic devices such as personal computers, printers, palm top computers and mobile phones. It uses radio waves to transfer information, so it could be vulnerable to attacks. Security specialists say, is easy for a hacker to steal, read or modify a phone's address book, calendar or virtually anything else stored in your handset without leaving any trace of the intrusion.

  Adam Laurie, who is chief security officer and director of AL Digital and the Bunker, and Martin Herfurt - researcher for Salzburg Research demonstrated how software tools they created give them virtually total control over Bluetooth phones from a wide range of cellular phone manufacturers, including Nokia and Sony-Ericsson. The experts showed several different ways of attacking a phone. 

  One of them is called SNARF attack: obtaining all data stored on the phone without the owners knowledge. Lately many devices like PDAs and smart phones are used by individuals to not only store phone numbers and their calendar information but also passwords PIN numbers and other security information which could be an easy target if your handset is hacked. 

  Another one is the BACKDOOR attack – this is when a hacker establishes trusted relationship with a handset, but then ensuring that it no longer appears in the target's registry of paired devices. This connection is granting him access not only to the data on your phone but also allowing him to use modems and WAP/GPRS services. 

   The third is called BLUEBUG attack. The reason for your phone to be attacked is for the hacker to use it to make a call, send or read SMS, connect to data services or even to monitor conversations in the surrounding area of the phone. The way the eavesdropping works is when the attacker directs your phone to call his device and when he picks up he will be able to listen to the chatter near by your phone.

Adam Laurie preformed several real life tests one of which was in the London underground station. He spend 2 hours there during rush-hour and was able to detect 336 Bluetooth enabled phones 77 of which was vulnerable to at least one attack. During another test in the Britain's House of Parliament he discovered 46 Bluetooth phones 8 of which were in danger of the attacks.

  Another proof of Laurie's theory is a device referred to as BlueSniper Riffle. It is developed by John Hering and his colleagues from Flexilis. The gadget is composed from riffle looking stock, antenna, scope and cables running to either PDA or laptop. During a test from 11th floor of a hotel John Hering aimed the mechanism toward a busy taxi stand and was able to detect and collect data from over 300 Bluetooth enabled phones.

  Several work-arounds are available to the consumers. The first option is to turn Bluetooth off. This will prevent SNARF and BLUEBUG. To protect against BACKDOOR attacks, you have to permanently remove a pairing, and this could be done by performing a factory reset, which will also erase all your personal data.

 Here is a chart of vulnerable phones:

Vulnerability Matrix
(* = NOT Vulnerable)

Make

Model

Firmware Rev

BACKDOOR

SNARF when Visible

SNARF when NOT Visible

BUG

Ericsson

T68

20R1B
20R2A013
20R2B013
20R2F004
20R5C001

?

Yes

No

No

Sony Ericsson

R520m

20R2G

?

Yes

No

?

Sony Ericsson

T68i

20R1B
20R2A013
20R2B013
20R2F004
20R5C001

?

Yes

?

?

Sony Ericsson

T610

20R1A081
20R1L013
20R3C002
20R4C003
20R4D001

?

Yes

No

?

Sony Ericsson

T610

20R1A081

?

?

?

Yes

Sony Ericsson

Z1010

?

?

Yes

?

?

Sony Ericsson

Z600

20R2C007
20R2F002
20R5B001

?

Yes

?

?

Nokia

6310

04.10
04.20
4.07
4.80
5.22
5.50

?

Yes

Yes

?

Nokia

6310i

4.06
4.07
4.80
5.10
5.22
5.50
5.51

No

Yes

Yes

Yes

Nokia

7650

?

Yes

No

?

No

Nokia

8910

?

?

Yes

Yes

?

Nokia

8910i

?

?

Yes

Yes

?

* Siemens

S55

?

No

No

No

No

* Siemens

SX1

?

No

No

No

No

Motorola

V600

?

No

No

No

Yes

 
 
Links:


Create a free account and join our vibrant community
Register to enjoy the full PhoneArena experience. Here’s what you get with your PhoneArena account:
  • Access members-only articles
  • Join community discussions
  • Share your own device reviews
  • Build your personal phone library
Register For Free

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless