Adam Laurie, technical director and co-founder of A.L. Digital, is already
on record as saying some Bluetooth-enabled devices have serious flaws. Others have disagreed - vehemently - but Laurie may have made his point at the recent Black Hat and DefCon security and hacker conferences in Las Vegas.
data can be obtained, anonymously, and without the owner's knowledge or
consent, from some Bluetooth-enabled mobile phones," said Laurie in February. "This data includes, at least, the entire phonebook and calendar, and the phone's IMEI."
"An attacker could even plant phony text messages in a phone's memory,
or turn the phone sitting in a victim's pocket or on a restaurant table
top into a listening device to pick up private conversations in the
phone's vicinity," without leaving a trace, says Wired News' Kim Zetter,
going on that experiments, one using a common laptop and another using
a prototype Bluetooth 'rifle' that captured data from a mobile phone a
mile away, prove such attacks aren't so far-fetched."
the shooting were Laurie and Martin Herfurt with Laurie modifying
Bluetooth settings on a standard Bluetooth-enabled laptop to conduct
the data-collection attacks, says Zetter.
researcher Herfurt developed a program called Bluebug that could turn
certain mobile phones into a bug to transmit conversations in the
vicinity of the device to an attacker's phone.
BlueSniper 'rifle,' created by John Hering and colleagues at Flexilis
as a proof-of-concept device, resembles a rifle, she says, continuing:
has a vision scope and a yagi antenna with a cable that runs to a
Bluetooth-enabled laptop or PDA in a backpack. Aiming the rifle from an
11th-floor window of the Aladdin hotel at a taxi stand across the
street in Las Vegas, Hering and colleagues were able to collect phone
books from 300 Bluetooth devices. They bested that distance and broke a
record this week by attacking a Nokia 6310i phone 1.1 miles away and
grabbing the phone book and text messages."
The BlueSniper rifle is probably something Chinese authorities could use
Without Borders says China's Venus info Tech Ltd claims to have
permission from the Public Security Ministry to market its real-time
surveillance system for SMS (mobile phone text) messages, going on:
"The new technology will allow the authorities to filter messages using key words and to pinpoint 'reactionary' text-senders."