Bluetooth phones could leak data

Many of the most popular models of Bluetooth-enabled cell phones can be hacked easily, enabling a malicious hacker to steal phone books, images, calendar information, or virtually anything else stored on the phone, say a pair of security experts.

Adam Laurie, chief security officer and director of AL Digital and the Bunker, a secure Web hosting facility in Europe, and Martin Herfurt, a researcher at Salzburg Research, described the danger at a session Friday at the Defcon 12 conference in the US.

The pair demonstrated how software tools they created give them virtually total control over Bluetooth phones from a wide range of handset manufacturers, including Nokia, Sony Ericsson Mobile Communications, and TDK.

Widespread Vulnerabilities

Herfurt demonstrated three different ways to attack a phone: He could send unsolicited text messages to the phone's screen, download all the data stored on a phone (or manipulate the data on the phone itself), and turn the phone into a roaming bug by forcing a targeted phone to call another phone.

This last attack, which the pair call "BlueBugging," is potentially the most damaging because once the attacker initiates a call on the victim's phone, there's no need to stay within Bluetooth range, typically about 30 feet. The target need only be in a phone service area to be exploited.

This kind of attack could also be used to commit fraud, according to Laurie. For example, an attacker could force victims' phones to dial a phone service that bills the victim per call or per minute.

Increasingly, "phones are being used as portable data stores" for information such as passwords, PIN numbers, and other sensitive data, Laurie added--another danger if a phone can be hacked.

"Fifty to seventy percent of the phones we see are vulnerable" to at least one of the three types of hacking attacks, Laurie said. He said security researchers from computer security consulting firm @stake has further uncovered flaws in Bluetooth encryption, which could make the danger worse. Bluetooth adoption is growing, especially in Europe.

"If we can implement (@stake researcher) Ollie Whitehouse's cracks, any Bluetooth phone would be vulnerable," Laurie said.

Vulnerable by Default

Many users set their phones on what hackers call promiscuous mode in order to use Bluetooth accessories, such as headsets, but carelessly leave it in that mode, he noted. Also, many manufacturers set promiscuous mode as the default, to help customers quickly and easily connect accessories or devices.

Data theft using Bluetooth is especially hazardous because "you don't have to be visible to the person you're targeting," Laurie said. He found that he could connect to many Bluetooth devices well beyond the usual range of the wireless technology: Using just a small dongle on his laptop increased the range to about 40 meters, and some high-gain antennas could stretch communications to 90 meters.

The pair tested the data theft portion of their research only on phones they owned, for legal reasons.

In their Defcon presentation, demonstrating how to steal a phone book, they connected to a Nokia phone that briefly displayed a telltale message on screen but made no sound. If the owner isn't looking at the phone's screen at the moment an attacker connects, it probably won't be apparent that the phone is compromised.

In the Field

Several handset manufacturers dismissed his claims as far-fetched, which prompted him to do field research, Laurie said.

In one experiment, he ran his original Bluetooth intrusion program on his laptop while standing on the platform of a London Underground subway station during rush hour. He detected 336 Bluetooth-enabled phones, and deemed 77 of them "definitely vulnerable" to one or more of the attack methods. Laurie deemed a phone vulnerable if he was able to recognize the phone's default Bluetooth name, which a user can change.

Later, he conducted the same experiment inside the British Houses of Parliament. His laptop was X-rayed at security checkpoints, but he then wandered through the halls of government and discovered four vulnerable phones within 14 minutes.

Phone manufacturers have a duty both to their customers and -- with public companies -- to shareholders to make a safe and secure product, Laurie said.

"Manufacturers who knowingly ship phones with problems have broken their fiduciary duty by doing so," Laurie added.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Andrew Brandt

PC World
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?