
Nokia confirms possibility of 'snarf' attack

Johannesburg, 01 Mar 2004

Nokia has confirmed that some of its phones are vulnerable to authentication and/or transfer mechanisms, hacking possibilities and denial-of-service (DoS) attacks via Bluetooth.

The vulnerabilities in certain Nokia and Ericsson Bluetooth-enabled phones were exposed in February by UK and security firm AL Digital, which revealed that some Nokia and Ericsson Bluetooth handsets were open to being hacked from a modified Bluetooth-enabled laptop. The concept has been dubbed "bluesnarfing".

According to AL Digital, once a phone has been hacked, the phonebook, calendar, clock, business card, properties, change log and the international mobile equipment identity, which uniquely identifies the phone to the mobile network, can all be accessed.

Sari Korolainen, Nokia communications specialist, says the Nokia 6310, 6310(i), 8910 and 8910(i) are vulnerable to being hacked or "snarfed". However, apart from raising awareness about the vulnerabilities in the phones and the possibility of an attack, Nokia will not take any direct measure to upgrade the phones in order to counter snarfing, Korolainen says.

"Based on the information available to date, it is highly unlikely that devices with Bluetooth technology would become broadly exposed to security attacks. Still, we feel it is important to raise consumers' awareness and concern, especially of the concept of 'bluejacking' (sending a message to a user's phone via Bluetooth) and bluesnarfing," she says.

To counter the possibility of a snarf attack, users are encouraged to remove Bluetooth pairings in the "Bluetooth pairings view", says Korolainen. In forthcoming Nokia products, the user will be able to easily remove all Bluetooth pairings by performing a factory reset, eliminating the potential misuse of Bluetooth pairings, she says.

"In public places, where phones with Bluetooth technology might be targets of malicious attacks, at least in theory, the safe way to prevent snarf attacks is to set the device in non-discoverable or 'hidden' mode. Personal devices like car kits and headsets can still connect to the phone, but it makes the task much more difficult for intruders, since they will have to know or guess the Bluetooth address before establishing a connection," she says.

In order to be absolutely safe, the user can simply switch off the Bluetooth functionality, Korolainen says.

ZDNet quotes Ericsson as saying the problem exists in the T610, T610i, T39, R520 and T68, and users with the software version R1A081 should have their phones upgraded. Sony Ericsson SA could not be reached for comment.
