Hackers Could Access Nokia Phones

ByABC News
February 20, 2004, 4:12 PM

Feb. 20 -- Cell phone manufacturer Nokia has admitted that several of its Bluetooth-enabled phones are vulnerable to attack, which could result in a hacker gaining access to personal data stored on a targeted phone.

Meanwhile, the Bluetooth Special Interest Group (SIG), which, unlike the Wi-Fi Alliance, doesn't test products for compliance with the Bluetooth standard, says the problem boils down to how a particular wireless device manufacturer uses the Bluetooth specification.

The Nokia phones affected by the security vulnerabilities are models 6310, 6310i, 8910 and 8910i, according to Keith Nowak, a Nokia spokesperson. All four are older models of Nokia phones, adds Nowak, and the only one that sold in the United States was the 6310i. A blog, maintained by Adam Laurie, has been put in place to track news about the vulnerabilities; a list of the affected phones on the site includes several Sony Ericsson phones as well as the Nokia models. (Laurie is a principal at the United Kingdom's A.L. Digital Ltd., which first called attention to the security vulnerabilities.)

The act of exploiting the vulnerabilities has already created new techie slangthe attacks are being dubbed Bluesnarfing. In one strain of Bluesnarfing, a hacker can gain access to the entire phonebook and calendar of a vulnerable phone. In a second strain, a phone can be used to "pair" with another phone to gain access to phonebook data, calendar data, and even e-mail and photos.

"We suggest two things if you own one of the affected models," says Nokia's Nowak. "There's no real patch to make this go away. But you don't want to accept a pairing from somebody you don't know. And if you're at, say, a trade show where there might be a lot of other people who have Bluetooth devices, it may make sense to turn the Bluetooth off." Nowak says Nokia has looked at its newer model phones and has not found them to be vulnerable.

"We are not aware of any fixes for the snarf attack at this time other than to switch off Bluetooth," states Laurie's blog. More information is available at his blog site.