Sony Ericsson has admitted that two of its phones and three Ericsson handsets are vulnerable to a snarfing attack.
The revelation comes just days after Nokia also admitted that some of its handsets have the same problem, which can allow an attacker to copy and copy a phone's contacts book, calendar and other data without requiring the victim to 'pair' with another Bluetooth device.
A Sony Ericsson spokesman said: "It has come to our attention that it is possible for a remote Bluetooth computer to extract personal information from a phone with Bluetooth even if it is un-paired."
The spokesman told ZDNet UK that the problem affects the T610 and T68i handsets as well as the Ericsson T39, R520 and T68 models.
The problem has apparently been fixed in handsets that are sold today, but the spokesman advised customers to ensure they have the latest software in their phones: "Consumers can check which version of the software they have by typing >*<<*<* from the standby screen (the chevrons indicate left and right movements of the mouse button on the phone) and then selecting ServiceInfo/SW then Information from the menus.
If customers find they have the software version "R1A081", the spokesman said they should contact an authorised Sony Ericsson service centre to get their phone upgraded.
Additionally, Sony Ericsson suggests users "set Bluetooth to hide, or simply turn off Bluetooth when it is not being used," as a "preventative action."
Adam Laurie, chief security officer at networking and security firm AL Digital, demonstrated a snarfing attack to ZDNet UK on Wednesday. He was using a Dell Bluetooth-enabled laptop with a Linux operating system running the snarf program he had written.
Laurie is unsure if the security flaw exists in the actual Bluetooth standard or in the handset manufacturers' implementation of it, but as he claims that the attack can only penetrate 80 percent of Bluetooth handsets, it is more likely to be early implementations of the standard that are at fault rather than the standard itself.
According to Laurie, most Bluetooth users shouldn't be overly worried because currently the tools required to launch a snarfing attack are not in the public domain, but he believes it is only a matter of time before they are. Laurie told ZDNet UK: "Someone would not just stumble on this vulnerability, they would have to be looking for it. But now people know that it is possible, they will be looking," he said.
Talkback
So I'm sold a phone because it had Bluetooth - now I'm advised to switch Bluetooth off. When I ask Sony Ericsson customer services what to do - it turns out I have a choice of 3 places in London to take the phone to (with my receipt) to get the upgrade. It can't be downloaded - nor can exchange of the defective phone be made by courier or post. I'm visiting Wales this week - so adked if there was anywhere I could do it there - apparently there are no service centres in Wales! Sony Ericsson has produced a phone that is defective and not fit for purpose - yet seems to think that we the buyers should go (quite a distance) out of our way to sort it out. It is a very shabby example of "customer service".
Same problem with SE down here. Find a Carphone Warehouse service centre (list on their website). They'll do software upgrades free if the phone's in warranty even if you didn't buy it there - same day if they're not too busy. And no, I don't work for them.
-- allow for some clarity for lay_men covering the defiintions - ao- of:
SNARFING and BLUE_JACKING - e.g.
as those terms would appear in a legal Court -be it a US_court and/or british court and/or german/french/scandinavian/spanish Court .. and so forth!
Rgds
GYK
I believe that there is a good protective measure on the market. When you want to ensure maximum protection, use an E2X bag. They are at www.e2xgear and originate from technology used to counter electronic espionage efforts directed against the US intelligence community.
Since the manufacturers of wireless technologies seem uninterested in correcting product design vulnerabilities, it may be necessary for consumers to step in and take measures to ensure their privacy is protected. One thing is for certain, this is only the beginning of privacy issues for consumers who find wireless electronics becoming an integral part of daily life.
I can see 2 problems with the E2XBag.
1. While it's in there, you won't be able to recieve incoming calls or text messages.
2. If you don't turn it off before putting it in there, the phone will constantly be trying to find a network, so you'll find your battery going flat in no time.
For the same "protection" that it offers, simply turn the phone off.
If you are worried about snarfing or bluejacking, it's very simple to set your Bluetooth configuration to hide the phone. In that way, only devices paired with it will be able to see it.
sony ericsson T610, and t39m cannot operate properly with BMW bluetooth prep, does anyone know why and what phone does
Depends upon what problems you are having.
I have two T610s which connect OK in an X5 4.6iS.
Pairing and normal use is OK but sometimes I have little problems with connections.
Have you managed to pair the devices at all?
how the hell do you turn the bluetooth function on the t610 help
Same here in Sydney. What's even worse is that the customer service said they know nothing of the problem and told me just to accept the fact that there's a vulnerability. They said I can get a software upgrade if I want to but at a charge since my T610 is out of warranty. This doesn't make sense coz it's not something I've done that make the phone defective. They should replace the software for free.
my t610 was jacked and kept making calls on its own. o2 was not aware of any problem and sent my phone off for repair. it came back and the same problem was still there. in the end they replaced my phone with a different model . so far its been ok
With the 610, snarfing is the least of your problems. Mine crashes the software whenever it gets a busy tone,- the only solution is to remove and re-insert the battery. Very poor firmware. Don't they beta-test this stuff?
hi i like sony ericcson but way...
Can anyone help? I have (finally) managed to download a tune onto my K750i phone - it is saved in the "Other" file. Does anyone know how I can make this the ringtone?
I hope customers had better luck at finding a courteous and helpful customer rep at sony ericsson. My experience was not that good on my first call, in fact the guy was so rude, I asked where the office he worked in was located. I did call back and got someone much nicer, its just the bad taste you get when you think how you can be treated.