Sony Ericsson advises users to turn off Bluetooth
Published: 11 Feb 2004 17:50 GMT
Sony Ericsson has admitted that two of its phones and three Ericsson handsets are vulnerable to a snarfing attack.
The revelation comes just days after Nokia also admitted that some of its handsets have the same problem, which can allow an attacker to copy and copy a phone's contacts book, calendar and other data without requiring the victim to 'pair' with another Bluetooth device.
A Sony Ericsson spokesman said: "It has come to our attention that it is possible for a remote Bluetooth computer to extract personal information from a phone with Bluetooth even if it is un-paired."
The spokesman told ZDNet UK that the problem affects the T610 and T68i handsets as well as the Ericsson T39, R520 and T68 models.
The problem has apparently been fixed in handsets that are sold today, but the spokesman advised customers to ensure they have the latest software in their phones: "Consumers can check which version of the software they have by typing >*<<*<* from the standby screen (the chevrons indicate left and right movements of the mouse button on the phone) and then selecting ServiceInfo/SW then Information from the menus.
If customers find they have the software version "R1A081", the spokesman said they should contact an authorised Sony Ericsson service centre to get their phone upgraded.
Additionally, Sony Ericsson suggests users "set Bluetooth to hide, or simply turn off Bluetooth when it is not being used," as a "preventative action."
Adam Laurie, chief security officer at networking and security firm AL Digital, demonstrated a snarfing attack to ZDNet UK on Wednesday. He was using a Dell Bluetooth-enabled laptop with a Linux operating system running the snarf program he had written.
Laurie is unsure if the security flaw exists in the actual Bluetooth standard or in the handset manufacturers' implementation of it, but as he claims that the attack can only penetrate 80 percent of Bluetooth handsets, it is more likely to be early implementations of the standard that are at fault rather than the standard itself.
According to Laurie, most Bluetooth users shouldn't be overly worried because currently the tools required to launch a snarfing attack are not in the public domain, but he believes it is only a matter of time before they are. Laurie told ZDNet UK: "Someone would not just stumble on this vulnerability, they would have to be looking for it. But now people know that it is possible, they will be looking," he said.
Did you find this article useful?
133 out of 242 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
Full Talkback thread
14 comments
-
So I'm sold a phone because it had Bluetooth - now... Jim Davies -
Can anyone help? I have (finally) managed to... Kay -
Same problem with SE down here. Find a Carphone Wa... Jerry Walker
-
-- allow for some clarity for lay_men covering the... Hon Dr George Krynicki MBA
-
I believe that there is a good protective measure... Jeffrey Schweitzer
-
I can see 2 problems with the E2XBag.
1. While it'... James Hall
-
sony ericsson T610, and t39m cannot operate proper... David a Sinclair
-
Depends upon what problems you are having.
I... Chris Lawrence
-
how the hell do you turn the bluetooth function on... vinny
-
Same here in Sydney. What's even worse is tha... Anonymous
-
my t610 was jacked and kept making calls... Anonymous -
With the 610, snarfing is the least of your proble... John Murray
-
hi i like sony ericcson but way... javed_jaan
-
I hope customers had better luck at finding a cour... annoymous
