Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Wireless Networking Hardware

Nokia Admits Multiple Bluetooth Security Holes 136

Posted by timothy from the oops dept.
An anonymous reader writes "Nokia has admitted that four of its handsets (6310, 6310i, 8910 and 8910i) have multiple security vulnerabilities that can allow an attacker to read, edit and copy the contacts and calendar entries using Bluetooth. This admission comes after a ZDNet UK article published earlier today. the spokesperson advises customers to switch off Bluetooth in public places!" For more information, see the bluesnarfing site pointed out by reader profet.
This discussion has been archived. No new comments can be posted.

Nokia Admits Multiple Bluetooth Security Holes More

Nokia Admits Multiple Bluetooth Security Holes

Comments Filter:

  • Great ! (Score:5, Funny)

    by mpeeters ( 58550 ) on Tuesday February 10, 2004 @07:24AM (#8236172) Homepage
    Great, not a single Mac OS X app can correctly address my 6310i, but Joe Random Hacker can? Urgh. I need to get my priorities straight.

    • Re:Great ! (Score:4, Informative)

      by Grounded0 ( 703575 ) * on Tuesday February 10, 2004 @07:41AM (#8236243) Homepage Journal
      Go in to System Preferences, click Bluetooth applet, check "Support Non-Conforming Phones".

      • Re:Great ! (Score:3, Informative)

        by singleantler ( 212067 )
        While I can use my 6310i as a modem for my Mac with no problems, I can't access the phone book in it, which is highly annoying, and using 'Support non-confirming phones' hasn't made any difference to that.

        It's a shame - this is something the Sony/Ericsson phones do very well, but I still prefer Nokias overall (mainly because of their interface.)

        • Try this (Score:3, Informative)

          by stere0 ( 526823 )
          PhoneManager [macmedia.sk] claims it can transfer contacts to/from a 6310i using bluetooth. It doesn't work without a cable for my non-i 6310 so I haven't tested it.
          • Thanks - great link (sorry I didn't reply earlier.)

            It doesn't seem to greatly like my BT dongle, but I'll keep fiddling as it does exactly what I need.

            Thanks

  • bluejacking (Score:1, Interesting)

    by martin ( 1336 )
    Old news. The concept of hijacking bluetooth links was first mentioned here [slashdot.org] back in November.

    But I guess Nokia finally admitting they have an issue is interesting. I wonder what the other Bluetooth capable device manufacturers do about this???

  • No big deal (Score:4, Insightful)

    by cwernli ( 18353 ) on Tuesday February 10, 2004 @07:25AM (#8236176) Homepage
    What's happening with Bluetooth happened with wireless networks.

    What happened with wireless networks happened with anonymous ftp servers.

    What happened with anon ftp servers happened with telnet access (you remember the "guest" login provided by most hosts ?).

    Every time a new technology is used there are some flaws with it. No big deal.

    • Re:No big deal (Score:5, Insightful)

      by pesc ( 147035 ) on Tuesday February 10, 2004 @07:45AM (#8236260)
      What's happening with Bluetooth happened with wireless networks.
      What happened with wireless networks happened with anonymous ftp servers.
      What happened with anon ftp servers happened with telnet access (you remember the "guest" login provided by most hosts ?).
      Every time a new technology is used there are some flaws with it. No big deal.

      BIG DEAL!

      You could expect that someone that designs a new communication protocol today builds on past experience. It's not like viruses, spam, malware and and crackers are something unknown. Instead, you should make the security requirements absolutely central in your new protocols. With the bluetooth technology becoming the most widespread wireless communications protocol (if you believe its proponents) not having security as a top priority is absofuckinglutely brainlessly idiotical.

      • Re:No big deal (Score:5, Insightful)

        by infiniti99 ( 219973 ) <justin@affinix.com> on Tuesday February 10, 2004 @07:56AM (#8236310) Homepage
        Just to clarify, this article is about a problem in Nokia's implementation of Bluetooth, not necessarily a problem in the actual Bluetooth protocol/specification. As an analogy, we hear about security holes in IIS, Apache, OpenSSL, etc, but these do not necessarily indicate problems in the relevant RFC documents. At least, we can hope so ...

        • Re:No big deal (Score:5, Informative)

          by hanssprudel ( 323035 ) on Tuesday February 10, 2004 @08:18AM (#8236436)
          There are problems with Bluetooth by design. For one thing, no wireless protocol for interaction between devices can be truly secure unless peering requires physical contact between them (I place my phone next to my laptop, but the spook across the street has a directed antenna that is a thousand times stronger then the phone...)

          It isn't like this hasn't come up before, Schneier predicted that Bluetooth would be a security nightmare three and a half years ago [schneier.com] ! Quoting:

          What amazes me is the dearth of information about the security of this protocol. I'm sure someone has thought about it, a team designed some security into Bluetooth, and that those designers believe it to be secure. But has anyone reputable examined the protocol? Is the implementation known to be correct? Are there any programming errors? If Bluetooth is secure, it will be the first time ever that a major protocol has been released without any security flaws. I'm not optimistic.

          And what about privacy? Bluetooth devices regularly broadcast a unique ID. Can that be used to track someone's movements?

          The stampede towards Bluetooth continues unawares. Expect all sorts of vulnerabilities, patches, workarounds, spin control, and the like. And treat Bluetooth as a broadcast protocol, because that's what it is.

          • Re:No big deal (Score:2, Informative)

            by Anonymous Coward
            There is a shared pin code which is entered into both devices. If this pin code is short, as it typically is for low-security applications, then you have a point.

            What's important, though, is that a shared key is negotiated without being sent over the wire. It may be possible to brute-force the pin with data captured from the initial authentication run, or there might be an attack against the key generation or encryption, but the "physical connection" you claim is required is only one way of ensuring that a
        • ..and the 4 handhelds also are of the phones that have the crappiest bluetooth there is, not surprisingly being first(or nearly first) on the market as well.

        • Just to clarify, this article is about a problem in Nokia's implementation of Bluetooth, not necessarily a problem in the actual Bluetooth protocol/specification. As an analogy, we hear about security holes in IIS, Apache, OpenSSL, etc

          Oh, in that case, I know this one: it's the users' fault for not constantly monitoring the problems discovered in every software package they use and failing to update their systems, right?

          At least that seems to be the typical slashdot attitude - we love keeping track of s
          • Oh, in that case, I know this one: it's the users' fault for not constantly monitoring the problems discovered in every software package they use and failing to update their systems, right?

            I never said anything about users. A little cranky this morning? ;-)

            Security holes are the fault of the developer. However, more often than not, software has security holes that are fixed in later revisions, and the user will need to update. This need to update cannot be blamed on the user, it is just an unfortunate
          • Kind of makes you glad recalls of non-software products don't work the same way.

            Like a cell phone, or something. (Which, of course, was probably your point.)

  • Hey, do you want.... (Score:4, Funny)

    by lofoforabr ( 751004 ) on Tuesday February 10, 2004 @07:26AM (#8236186)
    a fresh list of emai^H^H^H^H telephone numbers so you can send your email marketing to?

  • K.I.S.S (Score:3, Interesting)

    by OlivierB ( 709839 ) on Tuesday February 10, 2004 @07:26AM (#8236188)
    Keep It Simple Stupid. Phones are tools. We don't "need" them to be fully featured akin a full OS. Today we have Bluetooth hole sin a few phones. What's next tomorrow on MSFT Smart Phones? Hackers turning in using your line to call 0900 numbers? People hacking your e-wallet? When it comes to commodity devices we should make sure they do reliably and securely work. I don't expect anything less.
    • Most people would probably agree with you. I certainly do , but try telling this to the droids
      in these companies marketing departments where
      the mantra "complexity = good" is chanted on a daily basis.

      • Re:K.I.S.S (Score:2, Insightful)

        by OlivierB ( 709839 )
        Think about the damages on windows PCs. Users are advised to keep their machines up to date and yet a significant proportion of them do not listen (want proof? Mydoom is now in version C and still taking hits at MSFTs website). Now how many of you have updated your phones firmware? Think about all those non PDA phones which don't come with a PC connection Kit. All these Nokia phones WILL remain vulnerable for as long as they will work because hardly anybody hassles to go in a Nokia centre to upgrade their f

        • Re:K.I.S.S (Score:5, Insightful)

          by little_fluffy_clouds ( 441841 ) on Tuesday February 10, 2004 @08:31AM (#8236530)
          Think about the damages on windows PCs. Users are advised to keep their machines up to date and yet a significant proportion of them do not listen (want proof? Mydoom is now in version C and still taking hits at MSFTs website).

          Your comparison with "their machines" and the phone firmware (essentially this is the phone "OS"), makes me think you believe that Windows Update can defeat MyDoom.

          Actually, MyDoom has fuck all to do with keeping your Windows PC up to date. It is about keeping your _virus_ scanning up to date, and not running attachments that make it through to you. I could have just run and completed Windows Update, but still be infected with MyDoom via the very next email I received and (stupidly) ran the attachment of. Remember, virus scanning is NOT part of the Windows OS, it is something that must be loaded and configured and paid for (usually, unless you go with grisoft or similar).

          Your point would be a lot better made if you referred to something like the Blaster or Nachi worm, where the fix was available via Windows Update for several weeks.
      • mantra "complexity = good"
        The actual mantra is "If it ain't broke, add more features." This time, they managed to reach critical mass.

    • Re:K.I.S.S (Score:3, Informative)

      by Anonymous Coward
      Actually if you are kind of loose in what you term an OS, many Symbian devices run basically 3 OS at the same time.

      Application platform, misc. servers & UI apps (UIQ, Series 60, ...)

      Symbian OS (kernel, middleware)

      Some sort of Manufacturer RTOS for running a GSM stack, for which Symbian doesn't quite cut it.

      These devices are far from simple. Given what you can do on this size of device, I wonder why someone doesn't make a solid state PC, with a few seconds boot time, and no noise. Wireless keyboard,

      • UIQ and Series 60 are basically GUI layers so it's not at all correct to call them OSes. You're right that SymbianOS isn't real-time so it does need to run alongside or under an RTOS. SymbianOS can run as a task under NOS (Nokia OS) or on a separate processor from the GSM (or other protocol) stack. I don't remember which handsets do which.
    • If you don't need these features, then this phone is not meant for you. There are people who do. You, on the other hand, are in luck, because you can get one of the turbo-cheap models that does nothing but voice and SMS.
      • can you name some models, please. i'm very interested.
        • Look for a used one. You can usually get them for almost nothing and they're quite basic. Something like Siemens C25 or Nokia 3210. If you're looking for a new one, each manufacturer has a low-price model. Examples are Siemens A-class, Nokia 3xxx. Not too familiar with other brands' cheap models, sorry.

          These are European, so they might not be available in the Americas.
    • > Phones are tools

      Phone are phones. Anything else you care to say about them, in terms of what they should/could or shouldn't do are just your opinions. My phone lets me do a number of things in addition to making and receiving phone calls, but it could do more. People like you remind me of people making predictions that `text messaging will never take off - why type a message on a fiddly keyboard when you can just phone them?`. How many millions of text messages are sent a day now?

    • Re:K.I.S.S (Score:2, Insightful)

      by Anonymous Coward
      > Phones are tools. We don't "need" them to be fully featured akin a full OS.

      That's as foolish as saying that PCs are just tools. They're for wordprocessing, administration and some games. That's how it was when I got my first PC. Why go connect with other computers, with all those evil hackers and expose your PC with your sensitive data? Why play and record music on your computer when you have specialized devices like CD-players and tape recorders? Because more features are better.

      Within ten years,

    • Re:K.I.S.S (Score:3, Interesting)

      by beeblebrox87 ( 234597 )
      Keep It Simple Stupid. Computers are tools. We don't "need" them to be fully featured with a full OS. Today we have network holes in a few applications. What's next tomorrow on MSFT Longhorn? Hackers turning in using your modem to call 0900 numbers? People hacking your e-wallet? When it comes to commodity devices we should make sure they do reliably and securely work. I don't expect anything less.
      ---
      Dman luddites. Just because you would rather have a device that gives up freedom for security does not mean
      • Isn't it odd how many of those luddite posts actually get modded up? This is slashdot - why are people trying to sound cool by saying they don't "need" something? I thought that kind of behavior was reserved for PHB's.

        In other news, I don't need emacs, because the MS-DOS editor has all the features anyone should want from a word processor.
      • You have a valid point. However I am more and more "obliged" to buy phones with cameras, color screens etc simply because simpler ones are less and less available. I don't argue that some people need and actually want convergence, I'm just saying that those who do not want this still have to go with it (and pay the price, security wise, and money wise). My second complain was about adding features not securely: Why not use linux or whatever else if you wish. But make sure it works! I don't want to end up r
        • You would have a valid point if it were that hard to find a phone that doesn't have a camera. It's certainly getting harder but the vanilla phones are still easily available from any cell phone provider. Siemens and Nokia still make some nice ones. And you can always go the ebay route.

  • Is Bluetooth upgradeable? (Score:2, Insightful)

    by Anonymous Coward
    Is Bluetooth upgradeable and How?

  • Social science wonder? (Score:5, Insightful)

    by orzetto ( 545509 ) on Tuesday February 10, 2004 @07:34AM (#8236220)
    These days we have all possible material about encryption available publicly. We have RSA, we have digital signatures, we have freely available software which can create perfectly encrypted material which would give bad headaches to the NSA if they had to crack it, even I can encode anything with gpg.
    Yet, a mobile-phone giant does this. Are they just plain stupid, or is this another example of the wonders of social science? I can't help thinking how intelligent an ant nest can be though ants singularly are so stupid, and how an organization with some of the brightest engineers on the planet can act so carelessly.
    • stupid, definitely stupid.. look at the NGage, 3200, 7200, 7600, 7700 - Nokia are losing their marbles rapidly!

      They havent even got a fully functional 3G phone yet..

      Its that evil virus, whats it called again? Oh yeah, mismanagement.

      • Agreed. The 6310i is a decent, sensible phone - triband, HSCSD-capable modem, and GPRS. Unfortunately it's the one with the fscked bluetooth implementation.

        I keep it enabled on mine for my BT handsfree unit, but it's set hidden. It's not perfect, but should make me less likely to get hit by it.

        (I was amazed when I did a scan in a cinema recently how many phones were advertising their presence.)

        I still use my older Motorola L7089 and T280 - neither of which have Bluetooth. But neither of the modems in the

    • The problem with any encryption method is that it reduces (to some extent) convenience. Since convenience is the keyword mobile phone manufacturers depend on to sell their products, and any level of extra "complexity" is seen as a hindrance.

      The mobile phone market is so tight that any possible hindrance (whether it is reasonable or not) is seen as a liability to sales.

      Well, that and featching creeperism: Hey, we said we wanted Bluetooth phones. Nokia, et al, just gave them to us. We didn't say we wante

  • when things aren't built from the ground up with security in mind, there is likely to be some compromise for the sake of ease of use, when security issues come to mind. apart from the fact that any form of wireless communication is prone to be insecure! think about it.. ARGH THE GOVERNMENT IS LISTENING TO MY PHONE CALLS!!
  • ... if these are the only Nokia models which are affected by this vulnerability.

    What about other models that have Bluetooth? Are they safe from this security hole?

  • Turn it off! (Score:2, Insightful)

    by SpinyManiac ( 542071 )
    If you turn Bluetooth off, your're invulnerable and your batteries will last longer.
  • No one wanders about with their phone whilst it is discoverable anyway.

    Looked more like an attempt to get advertising for their hosting company to me.

    I was interested to see the Z1010 on the list when the commercial version isn't out yet.

    • Re:Big Woop. (Score:3, Informative)

      by zerosignal ( 222614 )
      I have my phone (non-Nokia) on discoverable all the time for convenience. I run Mac OS X, and use the Address Book application to send SMS messages via the phone. I also have iSync configured to automatically sync my address book once a day when the phone is in the vicinity of the Mac. I don't notice a major drain on the battery with Bluetooth kept on. Having to disable it every time I went outside would be very annoying.

      • Re:Big Woop. (Score:3, Informative)

        by INSSOMNIAK ( 12036 )
        You only need to be discoverable when you are pairing. After that you can keep bluetooth on and it is _supposed_ to only talk to those devices you know about.

  • Unbelievable (Score:2, Interesting)

    by sufehmi ( 134793 )
    I can't believe this, a company as big as Nokia making mistake as stupid as this ?

    I thought most people would have learned something on the WiFi fiasco by now, especially Nokia (who also make security products such as firewalls by the way)

    Now let's see if they're dedicated enough to their customers to fix this problem quickly.
    In the meantime, it's good idea to keep this on the headlines of the media.

    On another note, I'd be interested about other bluetooth-enabled devices - handsfree headset ? iPAQs? Palm
  • Some companies already do, I'd imagine, but surely the solution would be to employ - and pay decently - people who've highlighted vulnerabilities in previous products/systems to go at phones/etc like the clappers, trying to find any vulnerabilities. Granted, few products are going to be 100% secure but surely it'd be better than holes like this cropping up.

  • Irony (Score:2, Funny)

    by Dave9876 ( 591025 )
    The ad I got on the page with that article...

    Advertising nokia as a business mobility solution. Want to keep your business contacts a secret?

  • It could be a lot worse... (Score:3, Interesting)

    by heironymouscoward ( 683461 ) <heironymouscowar ... m ['oo.' in gap]> on Tuesday February 10, 2004 @08:01AM (#8236338) Journal
    Except that Nokia have built Bluetooth support only into a limited number of phones, mainly those aimed at the "business market". For instance, my 6800 has almost every conceivable option but no Bluetooth.

    I can't guess their reasons for not including Bluetooth with all their more expensive models, since it can't cost more than one Euro or so, but at least it means that of all the phones out there, relatively few are exploitable.

    • Re:It could be a lot worse... (Score:4, Interesting)

      by sokeeffe ( 210737 ) on Tuesday February 10, 2004 @08:14AM (#8236406) Homepage
      This is exactly the reason why its such a big issue.

      As an consumer, if you have a bluetooth phone all you are likely to have is the phone number of your friends.

      As a geek, you are more than likely to have a PDA for keeping anything more detailed/sensitive.

      Business users, executives etc. are more likely to use the advanced functions of there phones and therefore it is they that are most at risk to losing sensitive data.

      So, whilst most models dont have bluetooth, the ones that do are the ones that are liekly to have the most valuable information.
  • Who'd want to hack an N-Gage?

  • Both ZDNET and Nokia wrong (Score:4, Informative)

    by linuxislandsucks ( 461335 ) on Tuesday February 10, 2004 @08:21AM (#8236461) Homepage Journal
    You have to turn off bluetooth functionability to be safe..

    Nokia is vunerabile to both having the device detect on and off in the hacks..

    according to the bleustumbler.org site..

  • nokia is not the only one (Score:5, Interesting)

    by collin.m ( 207384 ) on Tuesday February 10, 2004 @08:23AM (#8236482) Homepage
    Nokia is not the only phone maker with broken or stupid bluetooth implementations. Just look at the Siemens S55 which by default (when bluetooth is on) accpets any kind of files and saves them to your phones inbox. Also it has several bugs, like the Nokia. I'm have setup a small website (http://www.betaversion.net/btdsd/) with a currently very small list of bluetooth capable phones with there security settings and bugs. I tell you bluetooth will be real fun in the future :-)

  • What's the truth? (Score:4, Interesting)

    by Tug3 ( 567419 ) on Tuesday February 10, 2004 @08:28AM (#8236516)
    Interestingly from what I have read about the security vulnerabilities with the *five* models affected by this (Nokia 6310, 6310i, 8910, 8910i and 7650), Nokia has confirmed only that the 7650 has the problem. Also reported that some SonyEricsson phones would have similar vulnerabilities, but it was not stated which models. So, I take it that at least these five Nokia phones have the Bluetooth holes. But what is interesting is that different news-feeds report Nokia confirming/denying different models! What this really tells us that the writers of the news themselves are either: 1) Too lazy to look it up from Nokia itself. 2) Too naive to take some other newsfeeds info as a fact. 3) Too inexperienced to check the validity of the info. 4) Too ??? to ??? So, who made the mistake? ALL the "reporters" who did not check the validity of the news by themselves straight from the source.

    • So, who made the mistake? ALL the "reporters" who did not check the validity of the news by themselves straight from the source.

      That's ok, there will always be a job for them here at slashdot.

  • From the article: Nokia will not be releasing a fix for the devices in the near future because it said the attacks are limited to "only a few models" and it does not expect them to "happen at large".

    Doesn't seem smart to me. Admit there is a vulnerability then say you aren't going to fix it. I'm surprised they didn't say the "fix" would be released in the next versions of the affected phones and customers would need to upgrade following their easy and costly upgrade path.

    Of course a bulk enterprise lic

  • I'm glad I still have my old 3210. As long as it continues to make a noise when someone dials it and transmit my voice and their voice in mutually opposite directions when answered, then I have no reason to replace it.

    When you're sending data over the air, then you have no way of knowing who is listening. That's why my home LAN is wired -- so I at least know if anyone is tapping me, then they must be on the inside. And I wouldn't trust the phone companies to build in any kind of security either; MI5 wo

    • Not true - wires leak like hell (Score:5, Interesting)

      by CrystalFalcon ( 233559 ) on Tuesday February 10, 2004 @09:10AM (#8236818) Homepage
      That's why my home LAN is wired -- so I at least know if anyone is tapping me, then they must be on the inside.

      This isn't true -- you can pick up (copper) LAN signals from a reasonable distance, which is why the military always uses fiber outside of shielded environments. At least when sensitive data is expected to travel along the pipes.

      The most obvious way to test this is to place an ordinary FM radio antenna along the network wire and see how much junk you are picking up; you can clearly hear the intensity of the network traffic.

      I heard this traffic when sitting in my car in the company parking lot at one of my previous jobs and so knew when the builds were done.

      Granted, the equipment is fairly expensive, but don't think for a second that you're safe because you're wired. Wires leak like hell.
      • Um, you know, you could be right with that one, especially since I upgraded from thin co-ax to Cat5. Although I thought the twisted pairs had some sort of a shielding effect. And also, most of my kit seems to give off plenty of RF noise, so maybe that helps to mask it.

        An ordinary radio set gives only a qualitative estimate. To recover the actual data, you'd need equipment costing more than any of my data is worth {but I wouldn't put it past the M.I.B. to sue me for wasting their time with junk data}.

        • Re:Not true - wires leak like hell (Score:1, Funny)

          by Anonymous Coward
          > Although I thought the twisted pairs had some sort of a shielding effect.

          Maybe a little, but what do you think the U in UTP stands for?
          • Unshielded Twisted Pair. But the idea is that whenever one wire goes up from 0V to 5V {putting out a pulse of RF}, the other goes down from 5V to 0V {putting out an equal and opposite pulse of RF} so the two should cancel one another out, as long as the wires remain in intimate proximity.
            • ...as long as the wires remain in intimate proximity.

              We had one of our network-connected copiers start sending copious amount of garbage data through the network. When we went to take a look at it we had found that a cleaner had uncovered the network cable and run over it with a vacuum.

              The outside cover had been torn completely off and the internal wires were definitely not in "intimate proximity".

  • Protected 6310 (Score:5, Funny)

    by Fizzl ( 209397 ) <`ten.lzzif' `ta' `lzzif'> on Tuesday February 10, 2004 @08:39AM (#8236577) Homepage Journal
    I think I hava 6310 from the first batch. Never bothered to flash it because I rarely use it.

    This one does not have the vulnerability. You see, if you switch bluetooth on, the whole phone crashes immediately.
  • Great. Only Saturday I got my 7650 in a sale, and I bought it primarily for its bluetooth capabilities!

    Well, I guess it was worth those 48 hours of carefree wireless toying...

    • The Nokia 7650 is differnet and should be secure as long as nobody then you has physical access to it.
      All OBEX communications (the stuff that is buggy) needs to be accepted by you and this is for the communication to start (not like other phones - do you want to save "exploit"? *BANG*)
  • Warphoning? Grossly overused prefix, but I'm surprised no one else has mentioned it.

    I wonder how long it takes before people using voice dial find themselves calling Elbonia..

  • It's bad implementation, not specification (Score:4, Informative)

    by rassie ( 452841 ) on Tuesday February 10, 2004 @09:59AM (#8237269)
    If nothing has changed since AL Digital released the it on bugtraq, then the most serious issues only affect phones that have previously been paired with the attacking Bluetooth device.

    This means that you have to have given the attacker access to privileged services at one point in time, and then deleted him.

    If you had not deleted him, he would obviously still have access.

    But it is the missing deletion that is the problem.

    You should not pair your device with any devices except your own. Your PDA requires to be paired with your Phone, Laptop, and access point, so it can dial up, synch, and have LAN access etc. But you don't have to pair it to send your business card to somebody else. There is no reason to pair with Joe Hackers device. So for most of the cases described by AL Digital it is just a bad implementation which does not affect the majority of users.

    For the rest of the cases it is also a bad implementation by Nokia and "possibly other manufacturers", it is not a vulnerability in the protocol.
  • According to the AL Digital's bluestumblerWeb site, vulnerable phones include: Ericsson T68; Sony Ericsson R520m, T68i, T610 andZ1010; andNokia 6310, 6310i, 7650, 8910 and 8910i.


    Well that is just about all of the bluetooth phones out there then?

  • If you Google for the above, you'll find that Nokia's implementation of Bluetooth on this phone has been absolutely horrendous. Nokia is phasing out / has phased out the 6310i in the US and I managed to snag one on closeout at the AT & T Wireless Store for $29.95! I picked it because it had Bluetooth and because it was also the only US-sold phone that worked with a very cool car stereo handsfree kit made by Alpine (integrated Caller ID on the radio display, etc.) But apparently their implementation o
  • ...Whenever I try to open a text message from a friend, I get some message trying to sell me cheap Viagra knockoffs...
  • Dear Nokia customers,
    Due to the latest security problems involving our phones and Bluetooh, we recommend you write your complete address book and contacts on a piece of paper and store it in a safe place. Also, since our phones explode [theregister.co.uk] it is best that you stay more than 10 feet away from them at all times. This will ensure both safety of your information on the phone and yourself.

  • well as soon as I can get a "normal" (1) phone with Bluetooth out here in the States, I'll worry about it.

    Winton

    (1) Normal -> one with out a 15" color screen, video camera and gamepad attached.
  • Submitted yesterday to Slashdot at 1200 PST, filed in a locked cabinet in the basement lavatory with a sign stating "BEWARE OF THE LEOPARD" was this posting:
    http://groups.google.com/groups?&selm=4 0 27ef9a.155 09562%40news.individual.de

    AL Digital
    http://www.aldigital.co.uk/
    announced Nokia 6310, 8910 and 8910i mobiles were found to be at greatest risk to having their data copied without the owner's consent with a crack attack over Bluetooth.

    The security papers (links, below) suggest keeping some other mo
  • Damn it... What the hell does this mean ?
    U R OwN3D - R00t
    This is what my poor Nokia has been displaying for the past four days :(
  • nokia handsets have any vulnerabilities?? What a surprise! Wake me when Motorolas will have any.

    For all the history all of Nokia hardware, both wireless radiolinks and consumer electronics, was ultracrappy and vulnerable to anything, even failing when not in use :)

    Just avoid buying crappy things, and will be in safety.

    To those who want to argue - buy ms windows, get on ms .NET, use outlook and explorer and acess your Nokia and pocket pc trough ms briefcase-synchronise-alike tools. All of the mentioned th

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close