[ISN] Mobile flaws expose executives to bugging

InfoSec News isn at c4i.org
Fri Apr 30 00:30:16 PDT 2004 

http://business.timesonline.co.uk/article/0,,8209-1092789,00.html

By Steve Boggan
April 30, 2004

EXECUTIVES at some of Britain's biggest companies are using mobile
phones that can be secretly tracked and bugged, despite a series of
Times investigations demonstrating gaping holes in handset security.

During tests at the offices of Shell, BP, HSBC and Goldman Sachs, The
Times identified 95 phones potentially vulnerable to a new form of
hacking known as "bluesnarfing".

Under the process, which threatens mobile phones that use Bluetooth
wireless technology, hackers can download text messages, phone lists
and even remotely tamper with handsets to enable them to be used as
listening devices.

Last week The Times identified 46 phones that could have been
vulnerable to attack during a 12-minute test in the central lobby of
the Palace of Westminster.

During our latest experiment, we had the ability to access the phone
of a Shell employee supplying aviation fuel to aircraft companies and
bug the handsets of chauffeurs driving executives. At the offices of
Shell, a passive scan showed that 19 phones would have accepted an
unauthorised Bluetooth connection. None was made, to avoid
infringement of the Computer Misuse Act.

Of these, 13 were Nokias and five were Ericssons. The Nokia 6310 and
6310i, the most popular business phones in the UK, and the Ericsson
T610, one of the best-selling picture phones, have proved to be the
most insecure.

Outside, a group of chauffeurs were waiting in seven identical and
consecutively-numbered Volvos. An attack on any of their phones would
have allowed us to set up a divert to a handset of our choice. We
could then have instructed their phones to call us secretly, leaving a
channel open through which we could have heard executives
conversations in the cars.

At BPs office in St Jamess Square, Westminster, we identified 24
potentially vulnerable phones while at Goldman Sachs in Fleet Street,
the figure was 35 phones.

We scanned in a smoking area outside the offices of HSBC in Canary
Wharf during a ten-minute period. Seventeen potentially vulnerable
phones were identified.

The latest cause for concern involving the Nokia 6310s and Sony
Ericsson T610s involves secret tracking. Commercial companies offer
phone tracking services to businesses and individuals who want to
locate sales forces quickly. An SMS message is sent to the relevant
mobile phone with an activation code. Once activated, the phones
location is shown on an internet website map.

Bluesnarfing allows the activation code to be diverted to an attacker,
so that an account is set up without the handset owners knowledge. He
or she could then be tracked, without their knowledge, 24 hours a day.

Nokia admits there are problems with its 6310s and 8910s but says it
is working on a solution that will be available to users from this
summer. Sony Ericsson says it has cured the text message and divert
problems in new phones but phone lists, calendars and pictures can
still be accessed. It promises a cure for that problem in the second
half of the year.

Shell and BP said they never commented on security; Goldman Sachs was
aware of the problem and had issued advice to staff; and HSBC said its
technical staff were looking into the problem.



_________________________________________
ISN mailing list
Sponsored by: OSVDB.org

--- end forwarded text



-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

More information about the cypherpunks-legacy mailing list