Top makes of cellphones have a serious security flaw allowing unauthorised downloading of contacts, diary details and stored pictures, Britain’s Times reported on Wednesday.
The newspaper said it had been given demonstrations of a technique for stealing the information, known as Bluesnarfing, which experts predict could have a devastating effect on Nokia and Sony Ericsson, the two companies whose phones appeared vulnerable.
Phones most at risk include Nokia’s best-selling 6310 model and Sony Ericsson’s T610.
”The implications for users of susceptible handsets are enormous,” said Adam Laurie, the chairman of AL Digital, the computer software security firm that discovered the flaw.
”You could sit outside your business rivals’ annual sales conference and download all the customer information, contacts and diary appointments stored in the phones of the sales force,” he said.
”This is a serious flaw, but the phone companies aren’t taking it seriously,” Laurie said.
The Times. said it had accompanied Laurie on two demonstrations during which his laptop, using his own software, scanned for Bluetooth-compatible phones. Those with the facility switched on up to 90 metres away were vulnerable.
In two cases, Laurie was witnessed downloading the phones’ entire phone book, calendar and diary contents and, in one case, a stored picture.
During one test in central London, Laurie’s system identified vulnerable handsets at the rate of one a minute.
The Times said Laurie had reported the flaw to the manufacturers in November last year, but he claimed they had done nothing about it.
Ian Angell, professor of Information Systems at the London School of Economics, described the discovery of the flaw as a devastating blow for the phone companies.
”This could really disrupt the whole industry. The idea that a perfect stranger could spy on you that represents a technology too far,” he said. – Sapa-DPA