News Forum Phone database

> New Topic
> Reply
< Esato Forum Index > General discussions > General > bluejacking and now bluesnarfing Bookmark topic

The question is not if your phone is vurnable, the question is HOW to do it ? I understand that this can be done only with a computer?
--
Posted: 2004-02-10 11:10:33
Edit : Quote


But how do you tell if a laptop has built-in bluetooth?
--
Posted: 2004-02-10 11:10:44
Edit : Quote


Carlsb3rg > just modify the bluetooth stack on a bluetooth enabled laptop. I highly doubt it would be possible on a normal mobile

rdnymllnsktr > If the user has a devious look on his face, hes probably upto no good...
--
Posted: 2004-02-10 11:12:00
Edit : Quote


Quote:
On 2004-02-10 10:40:18, energetic wrote:

Am concerned about the possibility someone accessing our mobile roms and removing files from there which are vital for our mobile phones.



You can't even modify the.ROMs using the phone itself so I doubt anyone can do it externally through a vague BT connection, which are unstable enough at the best of times. (always failed sending, not finding devices etc.)
Also who said this, isn't the issue with contacts, calendar & other user info?
I'm leavin my BT on, I've yet to be Bluejacked never mind snarfed by some computer geek on a laptop!
--
Posted: 2004-02-10 11:32:00
Edit : Quote


I think the only way to open a bluetooth serial port to a victims phone with no acceptance, is when the phone is paired with it.

Why the hell would anyone pair the phone with an attacker, by accepting the pairing in the first place!?!??!

_________________
David Bradley (IBM engineer), inventor of Ctrl+Alt+Del:
"I may have invented it, but Bill made it famous".

[ This Message was edited by: Krubach on 2004-02-10 10:47 ]
--
Posted: 2004-02-10 11:45:59
Edit : Quote


This has been discussed before. See http://www.esato.com/board/viewtopic.php?topic=43767

Also take a look at the comments by a Bluetooth expert from TDK on the theregister.co.uk web site when this was first discussed.

He ends his open letter like this:
...As a Bluetooth manufacturer we've not been approached by A.L. Digital. I've asked them for details of this and look forward to receiving them and putting them to the test. If there is an issue then the Bluetooth industry needs to address it. The people I talk to in the SIG understand the need to get security right and be honest about it - they all saw what the consequence is if you don't - look at the IEEE and 802.11. I suspect that what A.L. Digital have seen is a facet of having previously paired devices and then correlating the subsequent behaviour to that of a pristine, unpaired device. It would not be the first time that mistake has been made.

At the end of the day all security has to come down to the question of what is adequate for the application. In the case of Bluetooth on a mobile phone my interpretation is that the easiest way to get data off the phone is still to nick it. You can't blame Bluetooth for that.


Nick Hunn
Managing Director
TDK Systems Europe Ltd


[ This Message was edited by: laffen on 2004-02-10 12:25 ]
--
Posted: 2004-02-10 13:23:11
Edit : Quote


So I was right then...
--
Posted: 2004-02-10 13:27:49
Edit : Quote


This has been mentioned before, though no one's posted a reply:

Can we assume that the Z600 is vulnerable if the T610 is?
--
Posted: 2004-02-10 14:29:01
Edit : Quote


Is there anything that could happen to my phone if the Bluetooth is on (i.e on but not discoverable?)
--
Posted: 2004-02-10 14:49:36
Edit : Quote


some more links:

http://bluestumbler.org/

http://news.com.com/2100-1009_3-5155927.html?tag=cnetfd.buzz

Hope this helps
--
Posted: 2004-02-10 17:47:01
Edit : Quote

---

New Topic   Reply

Forum Index