By Munir Kotadia, 12 February 2004 09:05
NEWS Sony Ericsson has admitted that two of its phones and three Ericsson handsets are vulnerable to a snarfing attack.
The revelation comes just days after Nokia also admitted that some of its handsets have the same problem, which can allow an attacker to copy a phone's contacts book, calendar and other data without requiring the victim to 'pair' with another Bluetooth device.
A Sony Ericsson spokesman said: "It has come to our attention that it is possible for a remote Bluetooth computer to extract personal information from a phone with Bluetooth even if it is un-paired."
The spokesman said the problem affects the T610 and T68i handsets as well as the Ericsson T39, R520 and T68 models.
The problem has apparently been fixed in handsets that are sold today, but the spokesman advised customers to ensure they have the latest software in their phones: "Consumers can check which version of the software they have by typing >*<<*<* from the standby screen [the chevrons indicate left and right movements of the mouse button on the phone] and then selecting ServiceInfo/SW then Information from the menus.
If customers find they have the software version "R1A081", the spokesman said they should contact an authorised Sony Ericsson service centre to get their phone upgraded.
Additionally, Sony Ericsson suggests users "set Bluetooth to hide, or simply turn off Bluetooth when it is not being used," as a "preventative action".
According to Adam Laurie, chief security officer at networking and security firm AL Digital, most Bluetooth users shouldn't be overly worried because currently the tools required to launch a snarfing attack are not in the public domain, but he believes it is only a matter of time before they are.
Laurie said: "Someone would not just stumble on this vulnerability, they would have to be looking for it. But now people know that it is possible, they will be looking."
Munir Kotadia writes for ZDNet UK
Comments
There are 2 comments. Join the discussion
1. Jim Davies
Sony Ericsson UK service centre say they know nothing about this story - they even looked it up online whilst talking to me. Great internal communications - not to mention the suggested solutions - either return the phone by post or travel to one of their few and far between service centres. Not good enough!
2. Jonathan C
hello i am kind of new to bluetooth BUT i know a lot about it . I own a Sony Ericsson T610 DA BEST and i can Bluesnarf from my mobile . When I Add the Other Bluetooth enabled Phone and hen try to access the phone it asks for a pass code and then i put in any easy under 4 digit number and tell the person to accept it and press the same number in thir phone then i can access all of there files including photos,games,sounds,messages,contacts from thir phonebook and i can take it without them knowing . It is very dangerous if you have bluetooth on at all times if you have info on your phone that you dont want to share. When I access a phone from my T610 I can not delete anything tho .
If you need help on your Sony Ericsson T610 to delete the predefined items or anystuff or you want to tell me something about Sony Ericsson or the T610 then please contact me at Toxicjjc@aol.com