Bluetooth phones at risk from 'snarfing'

Summary: A serious Bluetooth security vulnerability allows mobile phone users' contact books to be stolen. You've heard of bluejacking - now meet 'bluesnarfing'

TOPICS: Networking

A security flaw has been discovered in Bluetooth that lets an attacker download all contact details along with other information from a vulnerable phone, while leaving no trace of the attack.

Unlike bluejacking, which is where users can send a message to Bluetooth phones without authorisation, this latest discovery for the wireless-data standard allows data, such as telephone numbers and diary entries, stored in a vulnerable device to be stolen by the attacker. The new exploit is called bluesnarfing.

Bluesnarfing is said to affect a number of Sony Ericsson, Ericsson and Nokia handsets, but some models are at greater risk because they invite attack even when in 'invisible mode' -- in which the handset is not supposed to broadcast its identity and should refuse connections from other Bluetooth devices.

Adam Laurie, chief security officer at UK networking and security firm AL Digital, told ZDNet UK that the Nokia 6310, 6310i, 8910 and 8910i models were at greatest risk. "On some models of phone, you are only vulnerable to attack if you are on visible mode; however, there are other models of phones where you are vulnerable even in non-visible mode," he said.

Laurie said he discovered the problem when he was asked to test how safe Bluetooth devices actually were. "Before we deploy any new technology for clients or our own staff, one of my duties is to investigate that technology and ensure it is secure. Actually rolling your sleeves up and looking at it, not just taking the manufacturers' claims at face value. When I did that, I found that it is not secure," he said.

According to Laurie, he can initiate a bluesnarfing attack from his laptop after making a modification to its Bluetooth settings: "It is a standard Bluetooth-enabled laptop and the only special bit is the software I am using in the Bluetooth stack. I have modified the Bluetooth stack and that enables me to perform this attack," he said.

Bluesnarfing has huge potential for abuse because it leaves no trace and victims will be unaware that their details have been stolen: "If your phone is in your pocket, you will be completely unaware," he said.

Laurie said he has had trouble getting the major handset manufacturers to admit the problem exists: "I have had experts telling me that it can't possibly exist because they have been trying to do this and failing."

Although the problem may affect other Bluetooth devices, such as laptops, Laurie said they are more difficult to target because the systems are more complex: "Mobiles are liable to be more vulnerable simply because the resources for menus and configuration are limited. Manufacturers try and make Bluetooth simple to use on phones, so you don't have much granularity in setting options. On a lot of phones, Bluetooth is either on or off," he said.

Laurie said that for now, there is no fix available. He said that the only way to be completely safe is to switch off the Bluetooth functionality.

AL Digital has developed several proof-of-concept utilities, but has not released them into the wild, said Laurie. They include: Bluestumbler, to monitor and log all visible Bluetooth devices (name, MAC address, signal strength, capabilities), and identify the manufacturer from MAC address lookup; and Bluesnarf, which can copy data from a target device.

According to AL Digital's Bluestumbler Web site, vulnerable phones include: Ericsson T68; Sony Ericsson R520m, T68i, T610 and Z1010; and Nokia 6310, 6310i, 7650, 8910 and 8910i.

Nokia and Sony Ericsson were not immediately available for comment.

Munir Kotadia

  • Any chance on some technical information as to how / why the author is able to do this? It seems very far fetched and implausible. Is it that he is a publicity seeker with a rudimentary knowledge of communications?
  • Him and these guys?

    they can't both be wrong, can they?
  • Nokia has admitted its handsets have a problem:,39020330,39145886,00.htm
  • This is some of the worst type of "yellow" journalism that I have ever seen. This article does nothing more than put irrational fear in the minds of users and causes great harm to what is a very useful technology.

    These risks mentioned in your article are HIGHLY OVER STATED. Certainly, if I leave the keys in my car then I suffer a greater risk that the car may be stolen.
    Certainly if I leave my laptop laying around in the airport then I could lose valuable data.

    Do you blame internal combustion technology, do you blame digital technology for these risks? Absolutely not, this is absurd.

    NONE of the so called "attacks" you mention can happen without the cooperation of the user (except Bluejacking, and this causes NO security risk).

    To blame Bluetooth technology for a user's failure to secure his data is fear mongering and despicable. I would expect this type of trash from a tabloid in the check out line, but NOT on a WEB site showered with a false air of authenticity.
  • Raxter: can you read? Nokia admits this can happen. Get your head out of the sand!
  • I'm not bothered if anyone can see what's on the phone; can the contents of the phone be altered? That'd be the thing that'd do my head in.
  • I work in the cell phone industry and trust me, if someone wants to steal my phonebook they would have to be a genius to do it. I know customers that can barely get the Bluetooth to sync, more or less steal someone's phonebook. It could happen but I doubt it.
  • I am a senior student at The College of Computer Science & Engineering and my senior project is on "bluesnarfing". I've been searching many sites on bluesnarfing & bluejacking but I couldn't find source codes of any. So, if anyone can give me Java source codes or useful links related to this article I would really appreciate his help.
  • To the person who "works for cell phone company"... working as a retail consultant doesn't mean much about technology and hacking. Sounds like all you know how to do is sell a cheap piece of plastic. :P
  • Has anyone heard of a virus called calibe? I seem to have picked it up on my Nokia handset via Bluetooth. At first menus bring up blank screens, then it drains battery power and eventually shuts down the phone. After this you can't switch it back on again. Does anyone know if this can be fixed?
  • My Bluetooth is not working. It has some sort of virus that came in to my phone via a message and installed itself as an application; it shows up as CARIBE SIS when the phone is powered up.
    If my Bluetooth is turned on it attacks other phones that have their Bluetooth activated by sending them message after message to gain access to the phone in order to install itself in their phone, so I cannot use my Bluetooth now for fear of infecting other people's phones.
    I have tried to connect via Bluetooth and I just get a message saying I have too many paired devices already, but I only have two paired. Can anybody help me with this problem? Thanks, Brian. England, West Yorkshire.
  • Oh yeah, this is a link to a video of hijacking Bluetooth phones at the Academy Awards.
  • Does anyone know any other method to bluejack? The flaw with this method is that it asks the victim whether he/she wants to accept the contact card via Bluetooth. Most of the time nobody replies at all.
  • In reply to the virus CARIBE SIS: you can delete it by master resetting your phone. Now for those of you who have the cash to get a new/old SIM card to do this procedure, it is quick, effective but costly, as you have to go into a mobile phone shop to find out your master reset code. My phone picked up the virus and I just went to the shop, whereupon they reset it and it was gone. Since then my Bluetooth is always turned off. Hope this helps, but if it gets past the stage where it looks your phone menus you're screwed, so you might as well sit back, scream at your phone and bin it. Hope this helps all you who are lost or worried.