http://business.timesonline.co.uk/article/0,,8209-1092789,00.html

By Steve Boggan
April 30, 2004

EXECUTIVES at some of Britain's biggest companies are using mobile phones that can be secretly tracked and bugged, despite a series of Times investigations demonstrating gaping holes in handset security.

During tests at the offices of Shell, BP, HSBC and Goldman Sachs, The Times identified 95 phones potentially vulnerable to a new form of hacking known as "bluesnarfing". Under the process, which threatens mobile phones that use Bluetooth wireless technology, hackers can download text messages and phone lists, and can even remotely tamper with handsets to enable them to be used as listening devices.

Last week The Times identified 46 phones that could have been vulnerable to attack during a 12-minute test in the central lobby of the Palace of Westminster. During our latest experiment, we had the ability to access the phone of a Shell employee supplying aviation fuel to aircraft companies and to bug the handsets of chauffeurs driving executives.

At the offices of Shell, a passive scan showed that 19 phones would have accepted an unauthorised Bluetooth connection. None was made, to avoid infringement of the Computer Misuse Act. Of these, 13 were Nokias and five were Ericssons. The Nokia 6310 and 6310i, the most popular business phones in the UK, and the Ericsson T610, one of the best-selling picture phones, have proved to be the most insecure.

Outside, a group of chauffeurs were waiting in seven identical and consecutively numbered Volvos. An attack on any of their phones would have allowed us to set up a divert to a handset of our choice. We could then have instructed their phones to call us secretly, leaving a channel open through which we could have heard executives' conversations in the cars.

At BP's office in St James's Square, Westminster, we identified 24 potentially vulnerable phones, while at Goldman Sachs in Fleet Street the figure was 35 phones.
We scanned in a smoking area outside the offices of HSBC in Canary Wharf during a ten-minute period. Seventeen potentially vulnerable phones were identified.

The latest cause for concern involving the Nokia 6310s and Sony Ericsson T610s involves secret tracking. Commercial companies offer phone tracking services to businesses and individuals who want to locate sales forces quickly. An SMS message is sent to the relevant mobile phone with an activation code. Once activated, the phone's location is shown on an internet website map. Bluesnarfing allows the activation code to be diverted to an attacker, so that an account is set up without the handset owner's knowledge. He or she could then be tracked, without their knowledge, 24 hours a day.

Nokia admits there are problems with its 6310s and 8910s but says it is working on a solution that will be available to users from this summer. Sony Ericsson says it has cured the text message and divert problems in new phones, but phone lists, calendars and pictures can still be accessed. It promises a cure for that problem in the second half of the year.

Shell and BP said they never commented on security; Goldman Sachs was aware of the problem and had issued advice to staff; and HSBC said its technical staff were looking into the problem.

_________________________________________
ISN mailing list
Sponsored by: OSVDB.org

--- end forwarded text ---

Forwarded by R. A. Hettinga <mailto:rah@ibuc.com>, The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>