Bluesnarfing
By Justin Ried, Tue Feb 10 12:30:00 GMT 2004

On the heels of yesteryear's bluejacking brouhaha, mobility's most bored have got yet another nefarious time-waster to engage in: Bluesnarfing.


While bluejacking served the relatively benign purpose of sending anonymous notes and business cards to handsets, bluesnarfing allows a user to pull data - including notes, calendar data and business cards - from another user's device without that user's knowledge or consent.

It was Adam Laurie, chief security officer at UK networking and security firm AL Digital who discovered the flaw, which affects devices manufactured by multiple vendors including Nokia and Sony Ericsson. Using no special equipment, he modified the Bluetooth software in his laptop and the used it to find the exploit.

"It is a standard Bluetooth-enabled laptop and the only special bit is the software I am using in the Bluetooth stack. I have a modified the Bluetooth stack and that enables me to perform this attack," he said.

Prompted by this morning's ZDNet UK article on bluesnarfing, Nokia officials have subsequently confirmed that a few of the company's older models are vulnerable. Sony Ericsson has not yet confirmed vulnerabilities exist in its handsets, but the company continues to investigate.