[Previous entry: "You must be joking?"] [Home] [Next entry: "Random Characters as User Agent String"]
Snarfing - a real security risk?
After reading "Beyond Fear" recently I sometimes wonder about some of the security news and alarms raised. One of the latest is "snarfing" or "bluesnarfing", now acknowledged by some mobile phone manufacturers.
While I agree that it is a problem and should be addressed I have my doubts about it having a "huge potential for abuse" which "allows data, such as telephone numbers and diary entries, stored in a vulnerable device to be stolen by the attacker". My reasoning?
- Bluetooth has a range of about 10m, as far as I know. Meaning an attacker would have to get quite close to me. Someone who has the skills to perform this kind of attack is likely to be able to perform other attacks as well without having to get so close (e.g. hacking into networks), which probably give much more valuable data. So why waste time on this?
- Let's assume this attacker sets up shop in busy place, e.g. a train station. If he strikes lucky he might be able to download some address book entries and also a few diary entries from a few random people. And then? What does this help him? Most of these details are probably available in a lot of other places anyway. And what does he do with the information that Joe Bloggs has a dentist appointment on Thursday?
- Address book and diary entries are of limited value for any attacker, even if he's involved in industrial espionage. Theoretically he might find out who the CEO of a company is meeting, may be to discuss a merger. But then again it might just be an innocent meeting between colleagues. There is much more valuable data to steal out there, so why waste time on this?
What do you think? Am I right or am I missing something?
End of entry
Entry trivia
Dodgy picture of the moment:
No risk of anyone bluesnarfing this ;-) No sensitive data in these drawings anyway, I should think.
End of entry trivia
Spread the word:
Do you like this weblog? Do you think others might be interested in it? Then please tell a friend! Thank you.
Send me feedback about this entry:
The form below will send me an e-mail. To discuss in public, please use my discussion forum.