Nokia Admits Multiple Bluetooth Security Holes 136
An anonymous reader writes "Nokia has admitted that four of its handsets (6310, 6310i, 8910 and 8910i) have multiple security vulnerabilities that can allow an attacker to read, edit and copy the contacts and calendar entries using Bluetooth. This admission comes after a ZDNet UK article published earlier today. the spokesperson advises customers to switch off Bluetooth in public places!" For more information, see the bluesnarfing site pointed out by reader profet.
No big deal (Score:4, Insightful)
What happened with wireless networks happened with anonymous ftp servers.
What happened with anon ftp servers happened with telnet access (you remember the "guest" login provided by most hosts ?).
Every time a new technology is used there are some flaws with it. No big deal.
Is Bluetooth upgradeable? (Score:2, Insightful)
Social science wonder? (Score:5, Insightful)
Yet, a mobile-phone giant does this. Are they just plain stupid, or is this another example of the wonders of social science? I can't help thinking how intelligent an ant nest can be though ants singularly are so stupid, and how an organization with some of the brightest engineers on the planet can act so carelessly.
Re:Is Bluetooth upgradeable? (Score:5, Insightful)
I don't think the bluetooth protocol is broken - just the implementation.
Re:No big deal (Score:5, Insightful)
What happened with wireless networks happened with anonymous ftp servers.
What happened with anon ftp servers happened with telnet access (you remember the "guest" login provided by most hosts ?).
Every time a new technology is used there are some flaws with it. No big deal.
BIG DEAL!
You could expect that someone that designs a new communication protocol today builds on past experience. It's not like viruses, spam, malware and and crackers are something unknown. Instead, you should make the security requirements absolutely central in your new protocols. With the bluetooth technology becoming the most widespread wireless communications protocol (if you believe its proponents) not having security as a top priority is absofuckinglutely brainlessly idiotical.
Turn it off! (Score:2, Insightful)
Re:Social science wonder? (Score:2, Insightful)
They havent even got a fully functional 3G phone yet..
Its that evil virus, whats it called again? Oh yeah, mismanagement.
Re:K.I.S.S (Score:2, Insightful)
Re:No big deal (Score:5, Insightful)
Solution: Employ Hackers (Score:2, Insightful)
Re:K.I.S.S (Score:5, Insightful)
Your comparison with "their machines" and the phone firmware (essentially this is the phone "OS"), makes me think you believe that Windows Update can defeat MyDoom.
Actually, MyDoom has fuck all to do with keeping your Windows PC up to date. It is about keeping your _virus_ scanning up to date, and not running attachments that make it through to you. I could have just run and completed Windows Update, but still be infected with MyDoom via the very next email I received and (stupidly) ran the attachment of. Remember, virus scanning is NOT part of the Windows OS, it is something that must be loaded and configured and paid for (usually, unless you go with grisoft or similar).
Your point would be a lot better made if you referred to something like the Blaster or Nachi worm, where the fix was available via Windows Update for several weeks.
Wireless is inherently insecure (Score:1, Insightful)
When you're sending data over the air, then you have no way of knowing who is listening. That's why my home LAN is wired -- so I at least know if anyone is tapping me, then they must be on the inside. And I wouldn't trust the phone companies to build in any kind of security either; MI5 would never let them get away with it. You should assume any part of the network you can't see is tappable if not actually tapped. The best form of telephone security is to keep all messages short and hope they aren't listening when you're speaking.
Re:Unbelievable (Score:5, Insightful)
I can. The mobile phone manufactures in general and Nokia in particular is very much focused on time-to-market. That means that their phones are not always finished when they hit the shelves. To be fair, neither was my Ericsson R520m phone when I first got it.
Re:K.I.S.S (Score:2, Insightful)
That's as foolish as saying that PCs are just tools. They're for wordprocessing, administration and some games. That's how it was when I got my first PC. Why go connect with other computers, with all those evil hackers and expose your PC with your sensitive data? Why play and record music on your computer when you have specialized devices like CD-players and tape recorders? Because more features are better.
Within ten years, phones will become always-carry-with-you wearable mini-PCs. As long as you have your phone with you, you also carry a camera, music/movie player, voice recorder, calender, notebook, game console, ebook reader, remote control, flashlight, and lots of other stuff. Sure, the interface could get a lot better, battery life still sucks now, etc. But we will get there eventually. Not too long ago, people thought 256-colors 320x200 was fantastic quality on a home computer.
There is no line to cross for a phone to have a "full OS". The OS in your phone today is already more complex than my early home computers.
Re:Social science wonder? (Score:3, Insightful)
The problem with any encryption method is that it reduces (to some extent) convenience. Since convenience is the keyword mobile phone manufacturers depend on to sell their products, and any level of extra "complexity" is seen as a hindrance.
The mobile phone market is so tight that any possible hindrance (whether it is reasonable or not) is seen as a liability to sales.
Well, that and featching creeperism: Hey, we said we wanted Bluetooth phones. Nokia, et al, just gave them to us. We didn't say we wanted safe or well-designed Bluetooth phones, did we? Outside of a few troublemakers (like us), the market is perfectly happy with what it has been getting so far.
Security needs to be designed into products, and we are still getting prototypes out the door and tacking on security as it the last consideration, or adding features w/o considering the security implications.
Ain't capitalism great?
Re:Is Bluetooth upgradeable? (Score:2, Insightful)
Always do backups before firmware updates!