- Cool Yule Tools: 2008 Holiday Gift Guide
- 10 kitchen gadgets for the geek gourmet
- Google admits to violating iPhone development terms
- Smartphone smackdown: Storm vs. iPhone
- Google layoffs: 10,000 jobs being cut
Be careful the next time you turn on your Bluetooth-enabled phone: You could unknowingly be opening the door to a nasty intruder who could steal confidential information such as your address book or even use your phone to make expensive calls.
Security experts in the U.K. have discovered serious flaws in some Bluetooth-enabled phones, prompting one supplier of the vulnerable phones, Nokia, to recommend precautionary measures.
"We have developed a tool that allows us to connect to a number of Bluetooth-enabled phones and download all sorts of confidential information, such as address books, calendars and other attachments without going through the normal pairing, or handshaking, process between devices," said Adam Laurie, technical director and co-founder of A.L. Digital in London. "In fact, we have been able to obtain this confidential data without giving users any indication whatsoever that an intrusion is taking place."
A.L. Digital has discovered security flaws in four Nokia phone models: 6310, 6310(i), 8910 and 8910(i).
Janne Ahlberg, manager of technology platforms at Nokia, confirmed on Wednesday that these models are susceptible to potential attacks. Users of these phones in public places, he recommended, should either switch their phone to the "non-discoverable" or hidden mode, making them invisible to others, or turn off the Bluetooth functionality completely. Users should also check that their Bluetooth "pairings," or approved connections with trusted partners, are correct.
The U.K. security company detected similar flaws in phones manufactured by Sony Ericsson Mobile Communications. The Sony Ericsson models include the R520, T68i, T610 and Z1010.
Sony was unavailable for immediate comment.
Bluetooth technology allows users to swap data between mobile phones, PDAs, notebook computers and a string of other devices within a few meters of each other. It is becoming a standard feature of many high-end devices.
Until now, the only known Bluetooth security shortcoming has been "bluejacking," an increasingly popular means of exchanging short three- or four-word messages in the display area designated for the name of the initiating device, according to Laurie. The process, essentially, allows communication to take place without pairing, which requires partners to exchange a personal identification number to establish a connection.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment