Nokia Admits Multiple Bluetooth Security Holes 136
An anonymous reader writes "Nokia has admitted that four of its handsets (6310, 6310i, 8910 and 8910i) have multiple security vulnerabilities that can allow an attacker to read, edit and copy the contacts and calendar entries using Bluetooth. This admission comes after a ZDNet UK article published earlier today. the spokesperson advises customers to switch off Bluetooth in public places!" For more information, see the bluesnarfing site pointed out by reader profet.
bluejacking (Score:1, Interesting)
But I guess Nokia finally admitting they have an issue is interesting. I wonder what the other Bluetooth capable device manufacturers do about this???
K.I.S.S (Score:3, Interesting)
Unbelievable (Score:2, Interesting)
I thought most people would have learned something on the WiFi fiasco by now, especially Nokia (who also make security products such as firewalls by the way)
Now let's see if they're dedicated enough to their customers to fix this problem quickly.
In the meantime, it's good idea to keep this on the headlines of the media.
On another note, I'd be interested about other bluetooth-enabled devices - handsfree headset ? iPAQs? Palm? Sony Clies?
It could be a lot worse... (Score:3, Interesting)
I can't guess their reasons for not including Bluetooth with all their more expensive models, since it can't cost more than one Euro or so, but at least it means that of all the phones out there, relatively few are exploitable.
Re:It could be a lot worse... (Score:4, Interesting)
As an consumer, if you have a bluetooth phone all you are likely to have is the phone number of your friends.
As a geek, you are more than likely to have a PDA for keeping anything more detailed/sensitive.
Business users, executives etc. are more likely to use the advanced functions of there phones and therefore it is they that are most at risk to losing sensitive data.
So, whilst most models dont have bluetooth, the ones that do are the ones that are liekly to have the most valuable information.
nokia is not the only one (Score:5, Interesting)
What's the truth? (Score:4, Interesting)
Re:K.I.S.S (Score:3, Interesting)
---
Dman luddites. Just because you would rather have a device that gives up freedom for security does not mean all of us do. There is a market for "KISS" phones, just as there is a market for locked-down xbox or "internet appliance" computers. Your post, however, implies that companies shouldn't produce more complicated phones. Personally, my phone's main source of usefullness is as a general-purpose, hackable device, and I don't expect anything less.
Adding security doesn't mean we have to remove features. Linux is a prime example of this. Substantially more secure than most alternatives, not because it removes features, but because people actually paid attention to security when they wrote it.
Not true - wires leak like hell (Score:5, Interesting)
This isn't true -- you can pick up (copper) LAN signals from a reasonable distance, which is why the military always uses fiber outside of shielded environments. At least when sensitive data is expected to travel along the pipes.
The most obvious way to test this is to place an ordinary FM radio antenna along the network wire and see how much junk you are picking up; you can clearly hear the intensity of the network traffic.
I heard this traffic when sitting in my car in the company parking lot at one of my previous jobs and so knew when the builds were done.
Granted, the equipment is fairly expensive, but don't think for a second that you're safe because you're wired. Wires leak like hell.
Re:Not true - wires leak like hell (Score:2, Interesting)
An ordinary radio set gives only a qualitative estimate. To recover the actual data, you'd need equipment costing more than any of my data is worth {but I wouldn't put it past the M.I.B. to sue me for wasting their time with junk data}. You'd also probably need to be inside my house {which is usually occupied, due to become occupied soon, or locked} and near the actual segment carrying the data; and, since the ADSL connection goes off into who knows where, that would probably be the easier target.
Also, the military deliberately go overboard on security so as in order to make people think things are less secure than they really are. Overkill is just part of the theatre: it makes the top brass feel important, and it cultivates insecurity among the lower ranks.