Ministry of Propaganda - 14/Feb/2004: "Snarfing - a real security risk?"

[Previous entry: "You must be joking?"] [Home] [Next entry: "Random Characters as User Agent String"]

Snarfing - a real security risk?

After reading "Beyond Fear" recently I sometimes wonder about some of the security news and alarms raised. One of the latest is "snarfing" or "bluesnarfing", now acknowledged by some mobile phone manufacturers.

While I agree that it is a problem and should be addressed I have my doubts about it having a "huge potential for abuse" which "allows data, such as telephone numbers and diary entries, stored in a vulnerable device to be stolen by the attacker". My reasoning?

• Bluetooth has a range of about 10m, as far as I know. Meaning an attacker would have to get quite close to me. Someone who has the skills to perform this kind of attack is likely to be able to perform other attacks as well without having to get so close (e.g. hacking into networks), which probably give much more valuable data. So why waste time on this?
• Let's assume this attacker sets up shop in busy place, e.g. a train station. If he strikes lucky he might be able to download some address book entries and also a few diary entries from a few random people. And then? What does this help him? Most of these details are probably available in a lot of other places anyway. And what does he do with the information that Joe Bloggs has a dentist appointment on Thursday?
• Address book and diary entries are of limited value for any attacker, even if he's involved in industrial espionage. Theoretically he might find out who the CEO of a company is meeting, may be to discuss a merger. But then again it might just be an innocent meeting between colleagues. There is much more valuable data to steal out there, so why waste time on this?

What do you think? Am I right or am I missing something?

End of entry

Entry trivia

• When writing this entry the weather was: Cloudy, rain earlier
• When writing this entry I was listening to: Franz Ferdinand - Franz Ferdinand
• I'm currently reading/have just finished reading this book/publication: Martin Edwards (editor) - Mysterious Pleasures
• I recently visited this website/-page: news.com
• The last drink I had was/is: Orange juice

Dodgy picture of the moment:

No risk of anyone bluesnarfing this ;-) No sensitive data in these drawings anyway, I should think.

End of entry trivia

Spread the word:

Do you like this weblog? Do you think others might be interested in it? Then please tell a friend! Thank you.

Send me feedback about this entry:

The form below will send me an e-mail. To discuss in public, please use my discussion forum.

Your name (required)

Your e-mail (required, will not be published or passed on)

Your website (optional, but recommended)

Is this feedback
public (i.e. contents can be published in a future entry)
private (i.e. contents are only for my eyes)

Your feedback for this entry:

Home © Armin Grewe 2024 -- Last update: 16 February 2004 -- Contact