The jewel in the crown of Samizdata.net
A blog for people with a critically rational individualist perspective. We are developing the social individualist meta-context for the future. From the very serious to the extremely frivolous... lets see what is on the mind of the Samizdata people.

Samizdata, derived from Samizdat /n. a system of clandestine publication of banned literature in the USSR
[Russ.,= self-publishing house]
Learn about the Gadsden flag.





Support Denmark and Free Speech against totalitarian Islam.
Default font size Large font size Larger font size
There is much to find for those who look
White Rose
Print Version
Blogging Glossary
Pictures
Meme hacks
Merchandise
Samizdata for PDA
Syndicate Samizdata.net
XMLRDF
We are not alone

White Rose protest blog collective

Libertarian Alliance
Libertarian Alliance

Centre for the New Europe

Libertarian International
Liberty's cause transcends
mere national borders



Made possible by...
Web and graphic design by the dissident frogman

Powered by Movable Type
 
March 17, 2004
Wednesday
 
 
Bluetooth extractions
Dale Amon (Belfast, Northern Ireland/Laramie, Wy)  Privacy & Panopticon

Here is a new hack that has been making the rounds of the computer security community. It seems bluetooth lays many very common mobile phones wide open to one or more attacks. On at least one Nokia (the very one I have in fact), someone walking past you on the street can lift your entire address book and calendar even if your Bluetooth setting is HIDDEN. There are other sorts of possible abuse as well: read the article.

No, I did not get caught out. I spend too much time in bad company to trust any system which hasn't been source-code audited by people I trust. Since mobile phones are all based on proprietary code, I have always taken the precaution of only enabling such features (on mobiles or other systems) during time of use.

For those of you who religiously follow slashdot, this is probably not news. Most of our readers are not engineers so this may be news to them.

If you have bluetooth, turn the bloody thing OFF!!!!

Comments

Intertesting. I have Bluetooth on much of the time with my Sony Ericsson and PowerBook G4. Have run a few tests to informally check security and nothing of interest was noted. Wonder if the diff is in manufacturers or the protocol itself?

I also walk around with WiFi (g) turned on much of the time. I have "scrambler" software (a beta with NDA; don't ask) that constantly changes the WiFi (or Airport Extreme for those who recall that Apple first introduced both b & g) although I know it still has problems, but the software monitors up/downstream and usually notes "borrowers" (or attempts) and posts an alert.

Too many electronic gadgets. And they talk too often to those not intended by their owners. (Hmm...just tried a scan of the SE phone with several other devices, primarily my PowerBook, and they see the phone but when it's in "lock down" mode they see nada in the way of data. One device tried is a special Blue Tooth scanner of some sort I borrowed from the IT guy I happen to be visiting presently. He said it's rather pricey and he uses it to check to see if laptops, printers, phones, et al are working correctly. More testing required.)

Thanks for tip. Am forever watching Airport (b)/Airport Extreme(g) but have been doing little more with BlueTooth than syncing the phone's data and a bit of printing.

Since Mac OSX 10.3.3 does have Apple's Rendezvous technology it can easily find any Bluetooth device within range almost instantaneously. I could use the phone and could connect to the net, but couldn't access any of its stored data which includes a good deal more than an address book. Will have to get with a Linux friend who has a late model Nokia and see what his experience has been.

(The IT manager says a PowerBook equipped with BlueTooth is easier to use, but his gizmo apparently provides more info with regard to sensitivity and distance.)

Am assuming your use of Windows. If not please clarify.


Posted by Steve at March 17, 2004 10:59 PM

The bottom line is that Bluetooth, wi-fi et al. are radio-based, and are about as secure and private as CB ever was.

If you really want to use anything like this, do some research and follow the security tips you can get on-line. Consider buying a guide on how to set them up securely.

Ask yourself what's the worst that could happen if someone a) copied b) erased c) altered the information you keep on whatever wireless-enabled device you're using. Is it your information, or could it belong to your employer? Have you signed up to anything promising to look after it?

One of my father 's little sayings from his time in the war was, "It's not the one with your name on it you need to worry about; it's the ones marked "To whom it may concern". The current state of the Internet and the phone markets means there's a veritable shitstorm of stuff marked "To whom it may concern" out there...


Posted by Harry Payne at March 17, 2004 11:28 PM

According to the article it is just some mobiles which are wide open; bluetooth on laptops is not necessarily at risk.

And as you mention, 802.11 (WiFi to the nontechs) is inherently flawed from a security viewpoint. To my knowledge, *all* WiFi is crackable no matter what settings you use. I've got a number of papers on the topic from a few years ago... and I have not heard of any major changes to the standard that would fix it.


Posted by Dale Amon at March 18, 2004 11:28 PM

To my knowledge, *all* WiFi is crackable no matter what settings you use.

I've got friends who claim it can be fine, but you need to use large encrypt keys.

Wrt Bluetooth I am always amazed at the number of Bluetooth devices which appear if you do a discover in a public place. I keep it turned off unless I'm actually using it for something.


Posted by Dave at March 19, 2004 10:47 AM
Post a comment









Remember personal info?


Enter anti-spambot Turing code:





Select some text and click this to format it as a quote Make the selected text bold Make the selected text italic Add a web link


Basic html active.

Alas, but for obscure reasons Mozilla, Mac and Linux users shall not harness to power of the push-button formatting options and shall therefore compose basic html with their bare hands. Yet Mozilla, Mac and Linux users shall not fear, for we shall reveal forthwith the mysteries of Basic Html:

<strong>This text in-between is bold</strong>

<em>This text is in italics</em>

And
<blockquote>This is a quote</blockquote>
Remember to close your opened tags as such: <tag> tagged text and closing </tag> and we promise you will get out of here alive.

For adding links, either use the link URL button on the toolbar or enter your code by hand in the following format:
<a href="http://www.your_link.com">your link text or description here</a>

Movable Type's anti-spambot e-mail address protection is enabled.

You are a guest on private property. Have fun but please be civil and succinct. Blogroaches will be persecuted, not to mention IP banned.

Long third party quotes or articles will also be deleted... so just link to articles you think are germane to your comment, don't quote the whole bloody thing.