February 7th, 2004
Bluetooth Flaw
If you have a fancy cell phone with bluetooth, you’d probably should read this and see if you’re at risk:
Serious flaws in bluetooth security lead to disclosure of personal data
There are serious flaws in the authentication and/or data transfer mechanisms on some bluetooth enabled devices. Specifically, two vulnerabilities have been found:
Firstly, confidential data can be obtained, anonymously, and without the owner’s knowledge or consent, from some bluetooth enabled mobile phones. This data includes, at least, the entire phonebook and calendar.
Secondly, it has been found that the complete memory contents of some mobile phones can be accessed by a previously trusted (“paired”) device that has since been removed from the trusted list. This data includes not only the phonebook and calendar, but media files such as pictures and text messages. In essence, the entire device can be “backed up” to an attacker’s own system.
Finally, the current trend for “Bluejacking” is promoting an environment which puts consumer devices at greater risk from the above attacks.