Home > Eye on > Communication & Network
Bluetooth Cellphones: Zero Defenses against Hacking
By Dae-Sung Cho (ZDNet Korea)
May 3rd, 2006
Bluetooth phone's helpless security against hacking raised big concerns after a hacker organization revealed its vulnerabilities.

A university hacking and security research group called 'PAraDOxCON'(www.padocon.org) revealed that how they penetrated weak security walls in bluetooth phones at its open conference in last February.

An administrator from 'PADOCON' said "We have been identifying major vulnerabilities in relation to bluetooth technology in overseas market for two months, and we've been testing South Korean domestic market since this January, tried to hack into bluetooth phones."

'PADOCON ' discovering vulnerabilities of domestic bluetooth phones
Hacking subjects were Samsung Electronics'and LG Electronics' bluetooth cell phones and PDA phones. The PADOCON revealed three major areas of security vulnerabilities beforehand.

First mentioned is a problem in usage due to bluetooth's signal interference. PADOCON administrator said "Biggest problems in wireless communication is in its availability; like using DoS(denial of service) to interfere with bluetooth data transmissions or even freeze up the cell phone's wireless communications entirely."

Second problem is in retrieving user's personal information like an address book or a contact list.

The PADOCON administrator said "Extracting user's information was possible through attacking various applications within the cell phones rather than directly penetrating the bluetooth's security walls as it was reported in overseas case before."

Third problem area is with audio conversion or transforming voice of user. The audio signal gets modified or even order of conversation sequence gets rearranged. For example; if you said "Car was there!" it could be modified to "There was car".

The PADOCON administrator also mentioned "a part of buletooth's security flaws are also in its specs and there are limitations and responsibilities to how much the product manufactures can do to solve these problems."

He continued "However, these cell phone manufactures have known about the flaws in bluetooth security but have not taken too much measure yet."

Samsung's woe coping with hacking
Heads of security in Samsung Electronics and its wireless communication division have been struggling to come up with a solution and countermeasures.

If the security walls get raised higher, it could make the features more complicated making users inconvenient and on the other hand, they just can't continue to ignore the security flaws due to the growing popularity of bluetooth in cell phone market.

A developer from Samsung wireless division R&D said "Vulnerabilities to hacking is a problem within the bluetooth specs and therefore solution lies with bluetooth chipset manufactures and its software but not with the cell phone manufactures."

The problem with audio data manipulations does not raise too much concern because the bluetooth's maximum transmission range is within 10 meters(or 30feet). But in reality, they don¡¯t have the ideal countermeasure to solve this issue.

This researcher added "In case of information extraction, it was possible due to bluetooth's default settings to connecting mode or searching mode in 'enabled' mode and if you can disable these settings the hacking issues can be solved. But unfortunately, these settings are not user controllable."

He also said "Even for the developer, its not easy to change default settings, for now, the number of default settings should get reduced and also make it much easier for users to do it themselves."

Countermeasures to bluetooth phone hacking urgently needed
In last April, Samsung Electronics had sold more than a million 'blue black phone'(bluetooth phones) to combined domestic and overseas markets. And out of those, 900,000 were exported to overseas and Europe got about half of those.

The issue on hand is this. Recent reports of bluetooth security breeches and hackings come from Europe. Russia had hacking with bluetooth PDA phones.

An affiliate from PADOCON warned that "We should see a rise in usage to bluetooth technology especially in cell phones over notebooks due to its nature of applications. Therefore we are in need of security measures in bluetooth urgently!"

Overall sales of bluetooth embedded mobile products are hitting just tip of an iceberg but we are seeing a huge increase in usage and demand is growing in domestic and overseas all over the world. The cell phone manufactures just can't leave this hot potato on the stove. It¡¯s about time that they handle this issue very seriously.
Korea Announces Crackdown on Illegal Internet Porn
Samsung teams up with Beyonce for Ultra Music
Samsung's new high performance platform for camcorders
LG Collaborates with Dolby to Enhance the Entertainment Experience on Multimedia Phones
Samsung Electronics Reports Second Quarter Results
 
 
Copyright ¨Ï 2005 CNET Networks, Inc. All rights reserved.
ZDNet is a registered service mark of CNET Networks, Inc. ZDNet Logo is service mark of CNET Networks,