[ISN] Cracks appear in Bluetooth security

From: InfoSec News (isn@private)
Date: Thu Feb 12 2004 - 04:49:17 PST

  • Next message: InfoSec News: "[ISN] CFP: 8th Annual Colloquium on Information Systems Security Education"

    http://www.computerworld.com/securitytopics/security/story/0,10801,90131,00.html
    
    By John Blau
    FEBRUARY 11, 2004
    
    Be careful the next time you turn on your Bluetooth-enabled phone:  
    You could unknowingly be opening the door to a nasty intruder who
    could steal confidential information such as your address book or even
    use your phone to make expensive calls.
    
    Security experts in the U.K. have discovered serious flaws in some
    Bluetooth-enabled phones, prompting one supplier of the vulnerable
    phones, Nokia Corp., to recommend precautionary measures.
    
    "We have developed a tool that allows us to connect to a number of
    Bluetooth-enabled phones and download all sorts of confidential
    information, such as address books, calendars and other attachments
    without going through the normal pairing, or handshaking, process
    between devices," said Adam Laurie, technical director and co-founder
    of A.L. Digital Ltd. in London. "In fact, we have been able to obtain
    this confidential data without giving users any indication whatsoever
    that an intrusion is taking place."
    
    A.L. Digital has discovered security flaws in four Nokia phone models:  
    6310, 6310(i), 8910 and 8910(i).
    
    Janne Ahlberg, manager of technology platforms at Nokia, confirmed on
    Wednesday that these models are susceptible to potential attacks.  
    Users of these phones in public places should either switch their
    phone to the "nondiscoverable" or hidden mode, making them invisible
    to others, or turn off the Bluetooth functionality completely, he
    recommended. Users should also check that their Bluetooth "pairings,"  
    or approved connections with trusted partners, are correct.
    
    The U.K. security company detected similar flaws in phones
    manufactured by Sony Ericsson Mobile Communications AB. The Sony
    Ericsson models include the R520, T68i, T610 and Z1010.
    
    Sony was unavailable for immediate comment.
    
    Bluetooth technology allows users to swap data between mobile phones,
    PDAs, notebook computers and a string of other devices within a few
    meters of each other. It's becoming a standard feature of many
    high-end devices.
    
    Until now, the only known Bluetooth security shortcoming has been
    "bluejacking," an increasingly popular means of exchanging short
    three- or four-word messages in the display area designated for the
    name of the initiating device, according to Laurie. The process,
    essentially, allows communication to take place without pairing, which
    requires partners to exchange a personal identification number (PIN)  
    to establish a connection.
    
    But Laurie said he and his colleagues at A.L. Digital have uncovered
    not one but two new security flaws. He referred to the one as
    "bluesnarf" and the other as a backdoor attack.
    
    "Bluesnarf is a tool I've written that allows you to bypass the
    pairing process to connect to a Bluetooth-enabled phone and,
    essentially, break into the device to steal or manipulate data," he
    said.
    
    The backdoor attack, according to Laurie, involves establishing a
    trust relationship through the pairing mechanism but later making the
    pairing information invisible on the target's register of paired
    devices to enable an anonymous connection. The process requires
    participating users to first create a PIN and then enter this number
    in each device in order to initiate a connection, he said.
    
    The problem arises, Laurie said, when one of the "trusted" persons
    decides to use the backdoor hacking method to hide the identification
    data and gain unauthorized access to that person's device. "Unless you
    happen to be staring at your phone and see a little icon appear
    indicating a connection, you won't know that anyone has gained access
    to your phone," he said.
    
    Nokia said it isn't aware of any attacks against Bluetooth-enabled
    phones and believes it's "highly unlikely" that these phones will
    become broadly exposed to security attacks.
    
    "From a security viewpoint, Bluetooth is actually very strong,"  
    Ahlberg said. "There were just some implementation flaws that made
    these security flaws possible in a couple of models."
    
    Additional information about the security flaws detected by A.L.  
    Digital is available online [1].
    
    [1] http://www.bluestumbler.org/
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Feb 12 2004 - 07:49:10 PST