“One worrying aspect could be the system’s use by paedophiles. They could download all the numbers from a child’s phone then use the numbers for grooming kids.”
I should point out here that Laurie is seeking no financial gain from his disclosures. In the world of computer visionaries, there are good guys and bad guys. He and his brother have been seen as good guys since they made their secure server software available free on the internet. He began investigating mobile phones and Bluetooth simply because he and his 50 employees were using them so much.
“Once I found there was a flaw in the security,” he says, “I wrote some software to show how it could be exploited and I posted my findings (but not the software) on the noticeboard of the Bluetooth Special Interest Group (SIG) website last November.
“I have not shared details of the flaws with anyone, but I believe in full disclosure eventually on principle. Sometimes, this is the only way to make big companies take action. Soon, I will have software ready that can download people’s stored text messages. And I believe there are others out there who are not far behind me who won’t be so principled in how they distribute the software that will enable bluesnarfing.”
When the photographer Matt Writtle and I met Laurie he had been secretly scanning the area, with his laptop hidden in a bag, for 13 minutes. During that time, he had found three Nokia 6310s and three Sony Ericsson T610s that he said were vulnerable to attack. One of the 6310s was Writtle’s.
Within minutes, with the photographer’s permission, he had downloaded all Writtle’s contacts, his entire diary for the past year and one stored photograph. None of this surprised Laurie. He has been conducting tests for months.
When I contacted Sony Ericsson, it acknowledged that there was a flaw and said that all new phones in the future would have security systems to stymie attacks of the type made by Laurie in his tests. Peter Bodor, a spokesman for the company, described suggestions of a problem as “far-fetched” and, even so, he said, free upgrades were available to Sony Ericsson customers at retail outlets. When pressed on this, he said that the solutions would not be available until “the second half of the year”.
Significantly, the company has not asked Laurie for details of his software, so it is difficult to understand how its experts can be sure they will be able to counter it.
Nokia has also acknowledged that some of its phones can be bluesnarfed, but a spokeswoman says that it is “highly unlikely that devices using Bluetooth technology will become broadly exposed to security attacks”. It sent me a statement saying that it is conducting extensive research and development to keep “more than one step ahead of those groups that design and promote malicious or criminal security attacks against mobile devices”.
It appears that the industry is either ignorant of the implications of the failures in security or is playing them down. Jack Wraith, executive secretary of the Mobile Industry Crime Action Forum, at first confused Laurie-style attacks with “bluejacking”, a method of sending messages anonymously between Bluetooth devices. This is a relatively harmless pastime that usually involves users sending rude or flirtatious messages in bars and coffee shops. He correctly pointed out that simply switching off the Bluetooth facility in a user’s phone would solve the problem. But didn’t that defeat the object of using it with computers and hands-free headsets?
Wraith says that more security measures are planned. “Anyone using mobile phones or any technology should be aware of what that particular unit is capable of,” he says. “We fully accept there is a potential threat and have brought that to customers’ notice. There are device settings and locality settings that can safeguard against attacks.” Laurie disputes that.
Bluetooth is not a company but an industry standard representing compatibility between manufacturers and their designs. In a statement, the Bluetooth SIG, which represents 3,000 manufacturers, acknowledges that bluesnarfing is possible — and then it appears to hang Nokia and Sony Ericsson out to dry. The group says: “We would like the industry to understand that this issue is a result of implementation decisions by specific product manufacturers in a limited number of products and is not inherent in Bluetooth wireless technology itself. Upon assessing the risk of bluesnarfing mobile phones known to have this implementation issue, the Bluetooth SIG determines that it is extremely small.”
But that claim is described as “nonsense” by Bruce Schneier, founder of the US-based Counterpane Internet Security. Once described by The Economist as a computer “security guru”, Schneier is the author of Beyond Fear: Thinking Sensibly about Security in an Uncertain World, and is generally regarded among computing’s elite as a hero figure. He was astonished when I told him about the new security problems.
“This is phenomenally important — I simply haven’t heard of anyone actually stealing data from phones before,” he says. “The industry will be trying to play it down right now — that’s what they do best — but I expect widespread panic. This could have disastrous implications for the companies involved.
“Your cellphone is like your communications wallet; you keep all your private and important stuff in there. If bluesnarfing becomes widespread, putting information in it will be a bit like inviting someone to pick your pocket.
“From now on, if you put any private information in your cellphone and you want to use Bluetooth, you must beware. You have to assume you are publishing it to the world — and that it is likely to be used by your worst enemy.”
Are mobile phones secure? E-mail debate@thetimes.co.uk
Copyright 2009 Times Newspapers Ltd.