THERE IS A SATISFIED, almost mischievous smile on Adam Laurie’s face as his computer scans the ether. “Say hello to the blonde woman over there,” he says. “I think you’ll find that her name is Florence Hughes.”

Perhaps 6m (20ft) away, drinking her Starbucks coffee and working at a laptop, there is, indeed, a blonde. There is something faintly sleazy about what we have just done, so I feel a little embarrassed as I approach her. “Excuse me,” I say. “Is your name Florence? Florence Hughes?”

“Yes,” she replies. She is clearly bemused. “How did you know?”

Though Hughes doesn’t yet know it, this brief encounter represents proof that millions of mobile telephones in the UK are dangerously insecure. Not only were we able to find out her name from the Nokia 6310 on the table beside her, we could have found out the names, phone numbers, e-mail and conventional mail addresses of all her friends and contacts stored on the handset. We could have found out where she had been, where she was planning to go and whom she was planning to meet. If she had had a phone that could receive pictures, we could have taken a peek at those, too. Soon we’ll be able to read all her text messages and, just for fun, send texts through her phone at her expense. It’s illegal under data-protection legislation but, hey, who’d know?

Welcome to the world of bluesnarfing. That is the name Laurie uses for the practice of accessing and stealing information from mobile phones without the owners’ knowledge.

The big phone companies will tell you that Laurie is being alarmist, that they have the situation in hand, that there are new fixes on the way. But I have seen how easily security can be breached — and how widespread the opportunities could become for industrial espionage, crime, terrorism, plain old spying and paedophile grooming.

If Laurie’s predictions come true your phone could soon be used as an open window on your business and private lives. In tests, including two witnessed by me, he is finding hundreds of insecure phones whizzing around him every hour.

First, let us explain who Laurie is and just what he did to Hughes. He is the 42-year-old chairman of AL Digital, a company that produces bespoke secure software and the systems to run it. AL Digital has had several recognised triumphs in the computer industry, including the acquisition of a former Ministry of Defence Nato-standard, nuclear blast-proof underground bunker in Kent. This houses the back-up computer servers of some of Britain’s biggest companies so that they can carry on business should there be civil strife, bombs, fires or power cuts. However, in the world of computing, the Lauries (Adam’s brother Ben in particular) are best known for the creation of Apache-SSL, the most-used secure server software on the web. Hughes did not know Adam Laurie until their paths crossed at Starbucks in Turnham Green, West London, last week, though as a web designer she has probably used the family software. She was simply having a coffee and minding her own business when Laurie walked in, opened up his Dell Latitude D600 laptop and pressed a few keys.

Within seconds his computer had told him how many mobile telephones were in the surrounding area — usually within a few metres, although he has scanned up to 90m — and how many were vulnerable to attack. One of these, lined up on his screen, bore Hughes’s name.

After her initial surprise, I explained what we were doing and she consented to take part in our experiment. Laurie then stole — in computing parlance, “snarfed” — all her contacts and their phone numbers, and accessed her phone’s calendar with its appointments diary. “Oh my God,” said Hughes. “That’s scary. You shouldn’t be able to do that. That shouldn’t be possible.” Indeed it should not.

Here’s what Laurie did: most modern mobile phones operate an industry-standard communications system called Bluetooth that enables users to connect to their laptops or PCs without using cables. Radio transceivers in the chips of Bluetooth devices, including phones, communicate shortwave signals on rapidly hopping frequencies so that they can swiftly exchange data. For security, a connection between two devices, called a pairing, should be achieved only with the invitation and authorisation of the user. But Laurie has found that the systems of authorisation and acceptance in some of Britain’s most popular phones can be bypassed. He has devised software that allows him to use his computer, with a wireless antenna, or “dongle”, to home in on Bluetooth-enabled phones and to connect and suck out their data without the permission of the owners. Hence, bluesnarfing. The phones thought most vulnerable so far, Nokia’s 6310, 6310i, 8910, 8910i and Sony Ericsson’s T610 and T68i, are among their most popular brands: worldwide, Nokia sold 180.7 million mobile phones last year; Sony Ericsson 26.7 million.

Adam Laurie says: “The implications are huge. Imagine your biggest business rival is having its annual sales conference. You park outside and download all the customer details from the entire sales force, the names of their clients, their phone numbers, the names of their contacts and when they plan to meet them next. That’s priceless.

“Terrorists could use the system to gain information on targets. The paparazzi could trail celebrities and find out whom they’re ringing, and, if they use the phone’s calendar facility, who they’re meeting and when. And imagine what pictures they might find stored away.