Hi Daniel,
Daniel Brose wrote:
> Hi all!
>
> Lately I've heard a lot about security leaks in Bluetooth phones like
> the SonyEricsson T610, for example. I've been told that without obvious pairing
> people can use your phone for making calls or sending SMS or "download"
> your address book. Of course I use "hidden mode" for BT, but that just
> makes it more difficult yet not impossible.
> What do you guys think about that? Do you switch off BT?

From my understanding, running your BT phone in "non-discoverable mode"
(this is probably what you call "hidden mode") is sufficient. Guessing
the BT address (with "Redfang" or sth. comparable) takes (based on my
tests) about 20 secs per probed address. However, there is an address
space of (at least) 256 ^ 3 addresses (given the manufacturer of your
phone is known to the attacker). So on average you need 256 ^ 3 * 20 secs
/ 2 = 5 years to find the address of a non-discoverable phone. This is
totally unrealistic.

I'm wondering whether anybody here has had other experiences with
"Redfang" that would make this tool appear more realistic.

Without knowing your device address, an attacker is not able to attack
your non-discoverable BT phone.

Michael
--
Michael Schmidt
University of Siegen, Germany
http://www.nue.et-inf.uni-siegen.de/~schmidt/
e-mail: schmidt _at_ nue.et-inf.uni-siegen.de