Bluetooth May Put You At Risk of Getting 'Snarfed'
If you spot someone tailgating you on the road or standing next to you wearing a backpack, then watch out: You may have been "snarfed." All the data on your cellphone, including addresses, calendars, whom you called and who called you, may now be in that person's computer.
Many cellphones use Bluetooth technology, which allows them to communicate wirelessly with other Bluetooth-equipped devices -- computers, personal-digital assistants and other cellphones. This means you don't need a cable, for example, to synchronize the address books on your laptop and your cellphone. It is convenient, but that makes it possible for someone to steal your data, or even hijack your cellphone for their own purposes.
Last year, London security consultant AL Digital spotted flaws in the way some Bluetooth cellphones swapped data with one another -- flaws that could be used to gain unauthorized access to everything stored on that phone without the user ever knowing. AL Digital's Adam Laurie, who discovered the problem, shared his findings with cellphone makers and with the public (leaving out the detail that might allow ne'er-do-wells to copy his experiments at street level). He termed the trick Bluesnarfing.
Not a lot has happened since then. Nokia Corp., the market leader in the cellphone industry, acknowledges the flaw but says in an e-mail response to questions that it is "not aware of any attacks against Bluetooth-enabled phones." Sony Ericsson, a joint venture of Telefon AB L.M. Ericsson and Sony Corp., didn't reply to an e-mail. Even those highlighting the danger say they haven't heard of specific attacks.
Still, these attacks -- also known as Bluejacking -- nevertheless are possible. Mr. Laurie cites a scenario in which paparazzi could steal celebrity data. He says he was able, with permission, to snarf from a friend's phone details of her company's shops, door codes and safe combinations. "There's any number of angles you can look at, and they are all bad as far as I can see," he says.
Martin Herfurt, a 27-year-old German student at Salzburg's Research Forschungsgesellschaft, last month set up a laptop at a technology trade fair in Hannover, Germany, and ran a snarf attack. He found nearly 100 cellphones from which he could have stolen data, sent text messages or even made calls. He has published his findings to prove that this kind of thing can be done easily.
How does it work? The attacker can use a Bluetooth-enabled laptop to discover other Bluetooth gadgets within range. Anything with Bluetooth activated and set to "discoverable" will show up, usually identified by its default device name. Being "discoverable" means your gadget is visible to anyone searching, but even if it isn't, an attacker still can find it, using software freely available on the Internet. The attacker then can use more software to take, delete, change or add data.
So what is a consumer to do? Turn off Bluetooth on your phone unless you really need it to communicate with your other gadgets. In most cases, phones that have Bluetooth will have prominently displayed the fact on the box the phone came in, or you can expect to find "Bluetooth" in the index of your phone's manual. Otherwise, the Bluetooth settings can usually be found in the "Communications" or "Connections" menu on your phone. More importantly, there shouldn't be anything on your phone that you don't want someone else to have.
蓝牙手机易受到"Snarf攻击"
如果你在马路上发现有人总是跟在后面,或者背著背包站在你旁边,你可要注意了:你可能已经遭到了"Snarf攻击"。这个令人不悦的词意味著:你手机上的所有信息--包括地址、日历、你给谁打过电话、谁打过电话给你--可能全都在跟踪者的电脑里了。
现在很多手机都使用蓝牙技术,借助此技术手机可以与电脑、PDA和其他手机等蓝牙设备进行无线沟通。这样很方便,但它也很容易使设备上的数据被人窃取,甚至于电话被盗用。
去年,伦敦网络安全顾问公司AL Digital发现一些蓝牙手机的信息交换方式出现漏洞,这些漏洞使得黑客可以接触到手机上存储的任何信息而不被用户察觉。AL Digital的亚当?劳里(Adam Laurie)发现了这个问题,并向手机生产商和公众披露了这个信息(他没有说明其中细节,以防止一些好事者在街头模仿)。他把这种偷袭手法称为"Bluesnarfing攻击"。(Snarf的意思是拿著别人的东西逃跑)
但之后事态并无太大进展。劳里说,生产商并没有马上重视这个问题。诺基亚有所回应,但在回复电子邮件时却说"并未看到任何蓝牙手机被攻击的情况"。甚至连那些强调危险性的人也表示他们没听说过这种攻击的具体个案。但这不是问题所在。这些攻击是可能发生的,而且攻击软件也很容易获得。也许人们不会这样做,或者我们还想像不出攻击者能从攻击中获得何种好处,但这个问题不会因此而消失。
劳里列举了多个攻击可能发生的场合:娱乐记者可能偷窥明星的信息,恋童癖者可能窃取儿童的电话号码。他说,在获得许可情况下,他曾经从一个朋友的手机上偷看到她公司的许多细节信息,如门店的信息、门密码和保险箱密码组。"你可以获得各种各样的信息,就我了解的情况,不论哪种信息的泄露都是很糟糕的事情。"
现在这已经不只停留在理论上面了。萨尔兹堡(Salzburg)Research Forschungsgesellschaft mbH的27岁德国学生马丁?赫弗特(Martin Herfurt)近来就在汉诺威的高科技交易会上打开他的便携式电脑,进行了一次snarf攻击。他找到了近100个可以从中窃取信息、发送文本消息甚至用来打电话的手机。随后他发表了一篇文章,用他的发现证明这种攻击很容易进行。
怎样进行攻击呢?首先,攻击者得找到一个目标。攻击者用一个启动蓝牙功能的便携式电脑去"发现"覆盖范围内的其他蓝牙设备。接著所有启动蓝牙功能并设置为"可见"模式的设备都会出现,其名称通常就是设备的默认名称。(我曾经在堵车的时候用自己的手机尝试了一下,在覆盖范围内找到两个其他的设备,其中一个有著很有诱惑力的名字:"公主")。有一点很重要:"可见"状态意味著你的设备可以被任何正在搜索的人看见;即使看不见,攻击者也能用软件找到你,这种软件很容易在网上得到。
一旦攻击者找到目标,他就可以用更多的软件去搜索该品牌手机和其他设备交流的"频道"。一旦找到频道,他就能窃取、删除、修改或添加信息。另外的重要一点是:在与另一个蓝牙设备交流之前用户一般要对设备进行设置──即 "配对",然后两个设备才能相互"信任"并交换数据。而snarf攻击可以绕过所有这些程序。
持怀疑意见的人认为这种攻击只有在离攻击对象很近的时候才会发生,而这样受害者将会有所察觉。劳里否认了这种看法。他在实地试验时把便携式电脑装在背包里,在伦敦市内闲逛。他说:"在地铁的高峰时间,我每10秒就能看见一个新电话出现。"这些电话中有三分之一容易受到攻击。他根本不用靠得很近。在路上,如果他发现有开车者在使用手机的耳机,他就会跟在后面,让便携式电脑开始扫描。劳里估计能够在半径达80米的范围内追踪其他设备。"简直就有一个足球场那么大,"他说。
更恐怖的是,这些只不过是已经被发现的缺陷,也就是说,另外还有很多缺陷没被发现。随著我们往手机里存储更多的信息、我们的手机越来越先进,我们暴露在攻击之下的可能性也更大。生产商有必要多加考虑、与安全专家重点讨论这些漏洞、更加坦率地面对用户。诺基亚回答过用户在电子邮件中提出的有关问题,而索尼爱立信却没有。我在他们的网站上也找不到任何关于Bluesnarfing攻击的内容。
有什么建议?我的建议是:把你的蓝牙手机关掉,除非你真的要用。更重要的是,不要在手机上存放任何你不想别人知道的信息,不管是密码、保险箱密码组还是敏感的文本信息。不论黑客是在对面的地铁站台用高科技无线方法进行攻击,还是普通的"抓一把就跑"的方式,只要他们没有弄到你的重要信息,你就应该感到高兴。
