We are developing the social individualist meta-context for the future. From the very serious to the extremely frivolous... lets see what is on the mind of the Samizdata people.
Samizdata, derived from Samizdat /n. - a system of clandestine publication of banned literature in the USSR [Russ.,= self-publishing house]
|
Bluetooth extractions Here is a new hack that has been making the rounds of the computer security community. It seems bluetooth lays many very common mobile phones wide open to one or more attacks. On at least one Nokia (the very one I have in fact), someone walking past you on the street can lift your entire address book and calendar even if your Bluetooth setting is HIDDEN. There are other sorts of possible abuse as well: read the article.
No, I did not get caught out. I spend too much time in bad company to trust any system which hasn’t been source-code audited by people I trust. Since mobile phones are all based on proprietary code, I have always taken the precaution of only enabling such features (on mobiles or other systems) during time of use.
For those of you who religiously follow slashdot, this is probably not news. Most of our readers are not engineers so this may be news to them.
If you have bluetooth, turn the bloody thing OFF!!!!
|
Who Are We? The Samizdata people are a bunch of sinister and heavily armed globalist illuminati who seek to infect the entire world with the values of personal liberty and several property. Amongst our many crimes is a sense of humour and the intermittent use of British spelling.
We are also a varied group made up of social individualists, classical liberals, whigs, libertarians, extropians, futurists, ‘Porcupines’, Karl Popper fetishists, recovering neo-conservatives, crazed Ayn Rand worshipers, over-caffeinated Virginia Postrel devotees, witty Frédéric Bastiat wannabes, cypherpunks, minarchists, kritarchists and wild-eyed anarcho-capitalists from Britain, North America, Australia and Europe.
|
Intertesting. I have Bluetooth on much of the time with my Sony Ericsson and PowerBook G4. Have run a few tests to informally check security and nothing of interest was noted. Wonder if the diff is in manufacturers or the protocol itself?
I also walk around with WiFi (g) turned on much of the time. I have “scrambler” software (a beta with NDA; don’t ask) that constantly changes the WiFi (or Airport Extreme for those who recall that Apple first introduced both b & g) although I know it still has problems, but the software monitors up/downstream and usually notes “borrowers” (or attempts) and posts an alert.
Too many electronic gadgets. And they talk too often to those not intended by their owners. (Hmm…just tried a scan of the SE phone with several other devices, primarily my PowerBook, and they see the phone but when it’s in “lock down” mode they see nada in the way of data. One device tried is a special Blue Tooth scanner of some sort I borrowed from the IT guy I happen to be visiting presently. He said it’s rather pricey and he uses it to check to see if laptops, printers, phones, et al are working correctly. More testing required.)
Thanks for tip. Am forever watching Airport (b)/Airport Extreme(g) but have been doing little more with BlueTooth than syncing the phone’s data and a bit of printing.
Since Mac OSX 10.3.3 does have Apple’s Rendezvous technology it can easily find any Bluetooth device within range almost instantaneously. I could use the phone and could connect to the net, but couldn’t access any of its stored data which includes a good deal more than an address book. Will have to get with a Linux friend who has a late model Nokia and see what his experience has been.
(The IT manager says a PowerBook equipped with BlueTooth is easier to use, but his gizmo apparently provides more info with regard to sensitivity and distance.)
Am assuming your use of Windows. If not please clarify.
The bottom line is that Bluetooth, wi-fi et al. are radio-based, and are about as secure and private as CB ever was.
If you really want to use anything like this, do some research and follow the security tips you can get on-line. Consider buying a guide on how to set them up securely.
Ask yourself what’s the worst that could happen if someone a) copied b) erased c) altered the information you keep on whatever wireless-enabled device you’re using. Is it your information, or could it belong to your employer? Have you signed up to anything promising to look after it?
One of my father ‘s little sayings from his time in the war was, “It’s not the one with your name on it you need to worry about; it’s the ones marked “To whom it may concern”. The current state of the Internet and the phone markets means there’s a veritable shitstorm of stuff marked “To whom it may concern” out there…
According to the article it is just some mobiles which are wide open; bluetooth on laptops is not necessarily at risk.
And as you mention, 802.11 (WiFi to the nontechs) is inherently flawed from a security viewpoint. To my knowledge, *all* WiFi is crackable no matter what settings you use. I’ve got a number of papers on the topic from a few years ago… and I have not heard of any major changes to the standard that would fix it.
To my knowledge, *all* WiFi is crackable no matter what settings you use.
I’ve got friends who claim it can be fine, but you need to use large encrypt keys.
Wrt Bluetooth I am always amazed at the number of Bluetooth devices which appear if you do a discover in a public place. I keep it turned off unless I’m actually using it for something.