news.com.com/2100-1009_3-5155927.html?tag=xlr8yourmac
Networking and security company AL Digital said on Monday that it had discovered a security flaw in Bluetooth, a wireless data standard, that could allow such an attack. The flaw affects a number of Sony Ericsson, Ericsson and Nokia handsets, but some models--including a handful of Nokia phones--are at greater risk because they invite attack even when in "invisible mode," according to AL Digital.

Nokia said that a bluesnarf attack "may happen in public places, if a device is in the visible mode and the Bluetooth functionality is switched on."

"We have repeated the attacks and found that there are some corrupted Bluetooth messages that could crash the Nokia 6310i phone," said the representative, who sought to reassure customers by saying that following the crash, the phone will reset and function normally.

A Sony Ericsson representative told ZDNet UK the company is "looking into" the matter and expected to make a statement on Tuesday.

Handsets at risk

England-based AL Digital said that the risk of a bluesnarf attack was highest for the four phone models listed by Nokia. Some models were described as more vulnerable than others in invisible mode, in which the handset is not supposed to broadcast its identity and should refuse connections from other Bluetooth devices.

AL Digital has developed several proof-of-concept utilities, but has not released them, Laurie said. The utilities include Bluestumbler, designed to monitor and log all visible Bluetooth devices (name, MAC address, signal strength, capabilities), and identify the manufacturer from MAC address lookup;

According to AL Digital's Bluestumbler Web site, vulnerable phones include: Ericsson T68;

Laurie said he discovered the problem when he was asked to test how safe Bluetooth devices actually were. "When I did that, I found that it is not secure," he said.

According to Laurie, he can initiate a bluesnarfing attack from his laptop after making a modification to its Bluetooth settings.
"I have modified the Bluetooth stack, and that enables me to perform this attack," he said.

Bluesnarfing has huge potential for abuse because it leaves no trace and victims will be unaware that their details have been stolen, Laurie said.

"Manufacturers try and make Bluetooth simple to use on phones, so you don't have much granularity in setting options. On a lot of phones, Bluetooth is either on or off," he said. He said that the only way to be completely safe is to switch off the Bluetooth functionality.

Nokia will not be releasing a fix for its devices in the near future because the attacks are limited to "only a few models" and it does not expect them to "happen at large," the Nokia representative said. The company is advising customers in public places to set their phones to invisible or switch the Bluetooth functionality off.

"This does not affect other functionalities of the phone," the Nokia representative said.