http://www.nytimes.com/2005/03/02/movies/oscars/02leak.html By JOHN MARKOFF and LAURA M. HOLSON March 2, 2005 Paris Hilton is not alone. According to a Los Angeles security consulting firm that went skulking outside the Academy Awards ceremony in Hollywood on Sunday, as many as 100 people who walked the red carpet were carrying cellphones vulnerable to the kind of privacy invasion that recently gained Ms. Hilton a new round of unwanted notoriety. Three employees of the company, Flexilis, founded two years ago by four University of Southern California students, positioned themselves in the crowd of more than 1,000 people watching celebrities arrive at the Kodak Theater. John Hering, one of the company's founders, wore a backpack in which he had placed a laptop computer with scanning software and a powerful antenna. The Flexilis researchers said they were able to detect that 50 to 100 of the attendees had smart cellphones whose contents - like those of Ms. Hilton's T-Mobile phone - could be electronically siphoned from their service providers' central computers. The contents of Ms. Hilton's phone, including other celebrities' phone numbers, ended up on the Internet. The researchers said they were uncertain about the precise number of vulnerable phones because some phones may have been detected more than once, They did not tap into any of the cellphones that were scanned - which would have been illegal - and so could not identify exactly whose phones were vulnerable. The researchers said that their stunt, which scanned the red carpet from about 30 feet away, was meant to raise awareness of a threat to privacy that is becoming more common as advanced cellphones carry a growing range of personal data, including passwords, Social Security numbers and credit card information. "Celebrities, V.I.P.'s, executives and politicians are among the most vulnerable to this kind of attack, because they are frequently the first to adopt new consumer technologies," Mr. Hering said. He also noted that despite extensive security measures at the Oscars, his company's surveillance activities went unnoticed. "We were only doing this passively, but it was possible that someone could have been standing right next to us doing this maliciously," he said. John Pavlik, director of communications for the Academy of Motion Picture Arts and Sciences, said: "We're very confident about the ability of our security to keep our guests and performers and nominees safe. The problem with the privacy issue is that it is, in fact, a growing phenomenon with these smart phones and it will get to be more and more of a problem each year. This year, we tried to address it as strenuously as we could." Flexilis has specialized in a short-range wireless data technology known as Bluetooth, which is intended to replace cables over short distances. Many cellphones now have Bluetooth wireless capability to permit synchronizing with computers, or to connect to peripherals like wireless headsets. Bluetooth is also becoming a standard technology in luxury cars to permit them to integrate easily with cellphones. And it is increasingly found in personal computers as a cable replacement for keyboards, mice and printers. The Flexilis team said their concern was not with Bluetooth itself, which contains adequate security protection, but with the way the technology has been used by many manufacturers. "We're attempting to raise the level of security in the wireless world to the same standard that is now expected in the wired world," Mr. Hering said. Mike Foley, executive director of the Bluetooth Special Interest Group, an industry association, said that his organization "takes security very seriously" and that "so far no security holes have been discovered in the Bluetooth specification itself." Actors interviewed over the Oscar weekend expressed varying degrees of concern about their vulnerability. Sandra Oh, one of the stars of "Sideways," which was directed by her husband, Alexander Payne, said she rarely used a cellphone. "Who wants to be that accessible?" she said in an interview Saturday at the Independent Spirit Awards. "People have so many lines-of-defense phone numbers so people can't reach them. Alexander has, like, four or five." Robin Williams, at the same event, pulled a phone from his inside coat pocket and deadpanned: "These phones are amazing. They have everything. Games. Phone book. A vibrator." Mr. Williams said it was unlikely that an eavesdropper would have much interest in monitoring his cellphone. "I don't have a lot of numbers in my phone book," he said. But he added: "It wouldn't be hard for a hacker to get inside one of these things. You've got to be careful." Catherine Billey and Matt Richtel contributed reporting for this article. _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
This archive was generated by hypermail 2.1.3 : Wed Mar 02 2005 - 10:22:22 PST