[ISN] Mobile flaws expose executives to bugging

From: InfoSec News (isn@private)
Date: Fri Apr 30 2004 - 00:30:16 PDT


    http://business.timesonline.co.uk/article/0,,8209-1092789,00.html
    
    By Steve Boggan
    April 30, 2004 
    
    EXECUTIVES at some of Britain's biggest companies are using mobile
    phones that can be secretly tracked and bugged, despite a series of
    Times investigations demonstrating gaping holes in handset security.
     
    During tests at the offices of Shell, BP, HSBC and Goldman Sachs, The
    Times identified 95 phones potentially vulnerable to a new form of
    hacking known as "bluesnarfing".
    
    Under the process, which threatens mobile phones that use Bluetooth
    wireless technology, hackers can download text messages, phone lists
    and even remotely tamper with handsets to enable them to be used as
    listening devices.
    
    Last week The Times identified 46 phones that could have been
    vulnerable to attack during a 12-minute test in the central lobby of
    the Palace of Westminster.
    
    During our latest experiment, we had the ability to access the phone
    of a Shell employee supplying aviation fuel to aircraft companies and
    bug the handsets of chauffeurs driving executives. At the offices of
    Shell, a passive scan showed that 19 phones would have accepted an
    unauthorised Bluetooth connection. None was made, to avoid
    infringement of the Computer Misuse Act.
    
    Of these, 13 were Nokias and five were Ericssons. The Nokia 6310 and
    6310i, the most popular business phones in the UK, and the Ericsson
    T610, one of the best-selling picture phones, have proved to be the
    most insecure.
    
    Outside, a group of chauffeurs were waiting in seven identical and
    consecutively-numbered Volvos. An attack on any of their phones would
    have allowed us to set up a divert to a handset of our choice. We
    could then have instructed their phones to call us secretly, leaving a
    channel open through which we could have heard executives’
    conversations in the cars.
    
    At BP’s office in St James’s Square, Westminster, we identified 24
    potentially vulnerable phones while at Goldman Sachs in Fleet Street,
    the figure was 35 phones.
    
    We scanned in a smoking area outside the offices of HSBC in Canary
    Wharf during a ten-minute period. Seventeen potentially vulnerable
    phones were identified.
    
    The latest cause for concern with the Nokia 6310s and Sony Ericsson
    T610s is secret tracking. Commercial companies offer phone tracking
    services to businesses and individuals who want to locate sales
    forces quickly. An SMS message is sent to the relevant mobile phone
    with an activation code. Once activated, the phone’s location is
    shown on an internet website map.
    
    Bluesnarfing allows the activation code to be diverted to an attacker,
    so that an account is set up without the handset owner’s knowledge. He
    or she could then be tracked, without their knowledge, 24 hours a day.
    
    Nokia admits there are problems with its 6310s and 8910s but says it
    is working on a solution that will be available to users from this
    summer. Sony Ericsson says it has cured the text message and divert
    problems in new phones but phone lists, calendars and pictures can
    still be accessed. It promises a cure for that problem in the second
    half of the year.
    
    Shell and BP said they never commented on security; Goldman Sachs was
    aware of the problem and had issued advice to staff; and HSBC said its
    technical staff were looking into the problem.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    