Ever wondered about Bluetooth vulnerabilities, how they work, whether your phone is vulnerable, and even wanted to know about the cracking tools? Then, take a look at this page on Bluetooth flaws. The page isn't pretty, but its got a lot of information. According to the Bluestumbler, there are two potential vulnerabilities:
- Confidential data can be obtained, anonymously, and without the owner's knowledge or consent, from some bluetooth enabled mobile phones. This data includes, at least, the entire phonebook and calendar, and the phone's IMEI.
- The complete memory contents of some mobile phones can be accessed by a previously trusted ("paired") device that has since been removed from the trusted list. This data includes not only the phonebook and calendar, but media files such as pictures and text messages. In essence, the entire device can be "backed up" to an attacker's own system.
These problems are exascerbated by the phenomenon of "bluejacking" where anonymous messages are exchanged during the initial pairing handshake.