Bluetooth Snarfing
A security flaw has been discovered in Bluetooth that lets an attacker download all contact details along with other information from a vulnerable phone, while leaving no trace of the attack. Unlike bluejacking, in which users send a message to Bluetooth phones without authorization, this latest discovery for the wireless-data standard allows data stored in a vulnerable device, such as telephone numbers and diary entries, to be stolen by the attacker. The new exploit is called bluesnarfing.
Bluesnarfing is said to affect a number of Sony Ericsson, Ericsson and Nokia handsets, but some models are at greater risk because they invite attack even when in ‘invisible mode’ — in which the handset is not supposed to broadcast its identity and should refuse connections from other Bluetooth devices.
Nokia 6310, 6310i, 8910 and 8910i models were at greatest risk. “On some models of phone, you are only vulnerable to attack if you are on visible mode; however, there are other models of phones where you are vulnerable even in non-visible mode.”
When the problem was discovered I decided to test how safe Bluetooth devices actually were. “Before the company would deploy any new technology for clients or their staff, I investigate that technology and ensure it is secure. Actually rolling your sleeves up and looking at it, not just taking the manufacturers’ claims at face value. When I did that, I found that it is not secure.”
bluesnarfing attack from my laptop after making a modification to its Bluetooth settings: “It is a standard Bluetooth device and the only special bit is the software I am using in the Bluetooth stack. I have modified the Bluetooth stack and that enables me to perform this attack.”
One bad thing about bluesnarfing is that it has huge potential for abuse, because it leaves no trace and victims will be unaware that their details have been stolen: “If your phone is in your pocket, you will be completely unaware and there would be nothing you could do.” I have been having trouble getting the major handset manufacturers to admit the problem exists.
Check this table to see if your cell phone is vulnerable:
Vulnerability Matrix (* = NOT Vulnerable)

| Make | Model | Firmware Rev | BACKDOOR | SNARF when Visible | SNARF when NOT Visible | BUG |
|---|---|---|---|---|---|---|
| Ericsson | T68 | 20R1B, 20R2A013, 20R2B013, 20R2F004, 20R5C001 | ? | Yes | No | No |
| Sony Ericsson | R520m | 20R2G | ? | Yes | No | ? |
| Sony Ericsson | T68i | 20R1B, 20R2A013, 20R2B013, 20R2F004, 20R5C001 | ? | Yes | ? | ? |
| Sony Ericsson | T610 | 20R1A081, 20R1L013, 20R3C002, 20R4C003, 20R4D001 | ? | Yes | No | ? |
| Sony Ericsson | T610 | 20R1A081 | ? | ? | ? | Yes |
| Sony Ericsson | Z1010 | ? | ? | Yes | ? | ? |
| Sony Ericsson | Z600 | 20R2C007, 20R2F002, 20R5B001 | ? | Yes | ? | ? |
| Nokia | 6310 | 04.10, 04.20, 4.07, 4.80, 5.22, 5.50 | ? | Yes | Yes | ? |
| Nokia | 6310i | 4.06, 4.07, 4.80, 5.10, 5.22, 5.50, 5.51 | No | Yes | Yes | Yes |
| Nokia | 7650 | ? | Yes | No (+) | ? | No |
| Nokia | 8910 | ? | ? | Yes | Yes | ? |
| Nokia | 8910i | ? | ? | Yes | Yes | ? |
| * Siemens | S55 | ? | No | No | No | No |
| * Siemens | SX1 | ? | No | No | No | No |
| Motorola | V600 (++) | ? | No | No | No | Yes |
| Motorola | V80 (++) | ? | No | No | No | Yes |

+ We now believe the 7650 is only vulnerable to SNARF if it has already been BACKDOORed.
++ The V600 and V80 are discoverable for only 60 seconds, when first powered on or when this feature is user selected, and the window for BDADDR discovery is therefore very small. Motorola have stated that they will correct the vulnerability in current firmware.
By cr4sh0verr1d3

2 Comments
angie
February 20th, 2008
at 12:04pm
Good job on the Story.