Nokia releases invisible Bluetooth hack fix

More than six months after admitting there was a Bluetooth security flaw in a number of its mobile phone handsets, Nokia said it has released a software upgrade that fixes the vulnerabilities.

In February, Nokia and Sony Ericsson admitted that some of their Bluetooth-enabled mobile phones were vulnerable to "bluesnarfing", in which an attacker can read, modify and copy a phone's address book and calendar without leaving any trace of the intrusion.

Some handsets contained an even more serious vulnerability that allowed the phone to be "taken over" by the attacker, who could then use it to make phone calls, send text messages or even modify the handset's settings.

Once the problems were discovered, Sony Ericsson offered to update any affected handsets but Nokia said it did not think the vulnerabilities were serious enough to warrant an upgrade.

However, following pressure from customers, Nokia announced in May that it would provide a software upgrade in "the summer" but did not set a firm date for its release.

On Thursday, Nokia confirmed that it had released updates for five of its handsets and reiterated that it will issue fixes for all remaining vulnerable devices by the end of the summer.

"Nokia will introduce a software update in summer 2004 to address Bluetooth security in certain Nokia mobile device models. For many of them (Nokia 6230, Nokia 6650, Nokia 6810, Nokia 6820, Nokia 7200) the upgrade is already available," Nokia said in a statement.

However, Nokia could not clarify exactly where customers might get hold of the patches or even whether they will be able to apply it themselves.

Further details are expected in the near future.

Security experts have said it is important that users do upgrade their phones because more cracking and hacking websites have started publishing software tools designed to help non-technical users launch a bluesnarfing attack.

Tim Ecott, manager of the S3 (ethical hacking) team at security firm Integralis, said bluesnarf "cook books" are starting to appear.

"Rest assured they do exist. They are certainly not widespread at this stage but there are a number of locations where this code is exchanged and explored by various people. Our company is aware of some of these locations and has used some of the information to develop code to test the vulnerability in the first place," Ecott said.

Mark Rowe, an IT security consultant at Pentest, which was one of the companies that first discovered the problem, said more people are learning how to carry out bluesnarfing and similar attacks; and because the upgrade hasn't been made available, the only way users can guarantee their safety is by turning Bluetooth off.

But Integralis's Ecott said Nokia was probably not treating the matter with great urgency because overall the risk is relatively low. He said a potential victim would need to have a vulnerable phone with Bluetooth switched to visible; then they would have to be in close proximity to the attacker; and finally, the bluesnarfer would need some reason to attack their particular phone.

"If you are at an airport with a bit of time to kill, you could sit at a hotspot and try and get on the web via someone else's phone. There are examples where all the required conditions may well come together but not in sufficient numbers to cause Nokia to lose any sleep," Ecott said.

Munir Kotadia writes for ZDNet UK