Following sent to all Oracle employees yesterday:
Audience
All Oracle Employees Worldwide
Security Alert
Multiple vulnerabilities have been found in Bluetooth enabled Nokia,
Ericsson and Sony Ericsson mobile phones.
How Does This Affect Me?
If a hacker is within range (just a few meters) of a Bluetooth enabled
device, the attack could result in the phone resetting or terminating the
current operation. In the worst case, a hacker could use your phone to send
SMS (Short Message Service), and use your browser to access the Internet.
The connection fees are charged to your phone bill, since the connection was
made via your phone.
No "device pairing," such as a remote headset, is required from one
Bluetooth device to another Bluetooth device. Therefore, anyone in range of
the phone could initiate an attack. (Device Pairing refers to the initial
authentication of two Bluetooth devices such as a cellular phone and a
remote headset.)
Affected models are:
Nokia 6310, 6310i, 7650, 8910 and 8910i
Ericsson T68
Sony Ericsson R520m, T68i, T610 and Z1010
Action Required
In public places, where devices with Bluetooth technology might be targets
of malicious attacks, you can stop hackers by setting the device to a
non-discoverable mode (hidden), or simply switch off the Bluetooth
functionality altogether. This does not affect other functionalities of the
phone.
No fix is currently available. However, exposure to this threat can be
limited by enabling Bluetooth only when it is absolutely necessary.
John Whelan
Direct: +353 1 209 0787
Mobile: +353 87 683 8850
www.alatto.com
Meet Alatto at 3GSM Cannes, Stand B22, Hall 1
Received on Tue Feb 17 17:42:35 2004