Symbian Phones

There’s a new worm (malicious code) going around infecting mobile phones that use the Symbian system (see below for a list of phones). There are two variants called the Beselo.A and Beselo.B worms.

It gets transmitted by Bluetooth or by MMS so you can’t really avoid receiving it. It consists of two parts:

  • An attachment with an interesting name, such as beauty.jpg, sex.mp3, or love.rm
  • A text message asking you to “install” the attachment to view it

With MMS messages it’s not necessary to “install” anything to view a picture or to play an audio attachment. What’s really happening is that no picture or audio file is attached at all: the attachment is a malicious program. The wording of the message is just a trick to get you to install the worm (a technique known as social engineering). If it were really a picture you’d be able to see it without installing anything, and likewise for audio attachments.

If you receive a message asking you to install something and it promises to show you a picture or play an audio file, say no. Delete the message.
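The mismatch described above (a media file name on something that is really a program) can also be checked mechanically, for instance on a gateway that screens attachments. The following is an added example, not code from the original post or from any antivirus product; it assumes the disguised program is a Symbian SIS installer package, recognised by the header signatures listed for SIS files in the file(1) magic database, and its function names and sample bytes are constructed for illustration.

```python
import os
import struct

# Symbian installer (SIS) signatures: little-endian 32-bit UIDs as listed in
# the file(1) magic database. Assumption: the disguised program is a SIS package.
SIS_V9_UID1 = 0x10201A7A      # offset 0: Symbian OS 9.x package
SIS_LEGACY_UID3 = 0x10000419  # offset 8: pre-9.x package

MEDIA_EXTENSIONS = {".jpg", ".jpeg", ".mp3", ".rm"}


def is_symbian_installer(data: bytes) -> bool:
    """True if the content starts with a SIS header, whatever the file is named."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == SIS_V9_UID1:
        return True
    return len(data) >= 12 and struct.unpack_from("<I", data, 8)[0] == SIS_LEGACY_UID3


def matches_media_type(ext: str, data: bytes) -> bool:
    """Check the leading bytes against the format the extension claims."""
    if ext in (".jpg", ".jpeg"):
        return data.startswith(b"\xff\xd8\xff")
    if ext == ".mp3":  # ID3 tag, or an MPEG audio frame sync (11 set bits)
        return data.startswith(b"ID3") or (
            len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0)
    if ext == ".rm":
        return data.startswith(b".RMF")
    return False


def classify_attachment(filename: str, data: bytes) -> str:
    ext = os.path.splitext(filename.lower())[1]
    if is_symbian_installer(data):
        # An installer wearing a media extension is the trick described above.
        return "block" if ext in MEDIA_EXTENSIONS else "installer"
    if ext in MEDIA_EXTENSIONS and not matches_media_type(ext, data):
        return "suspicious"
    return "ok"


# Constructed sample inputs (headers only, not real files or real malware).
LEGACY_SIS = struct.pack("<III", 0x12345678, 0x10003A12, 0x10000419) + b"\x00" * 16
V9_SIS = struct.pack("<I", SIS_V9_UID1) + b"\x00" * 16
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"

if __name__ == "__main__":
    for name, blob in [("beauty.jpg", LEGACY_SIS), ("love.rm", V9_SIS),
                       ("holiday.jpg", REAL_JPEG), ("love.rm", b"plain text")]:
        print(f"{name}: {classify_attachment(name, blob)}")
```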

F-Secure make an antivirus package specifically for phones that use Symbian, and that would detect the file. But common sense and the explanation above should be sufficient to avoid it.

Below are some of today’s popular phones that use Symbian S60. If your phone is on this list then it’s vulnerable to this attack.

  • LG – JoY
  • Nokia – 3250, 5500 Sport, 5700, 6110 Navigator, 6260, 6290, 6600, 6630, 6680, 6682, E50, E51, E60, E61, E61i, E65, E70, E90, N70, N72, N73, N75, N76, N80, N81, N90, N91, N92, N93i, N93, N95, N95 8GB, N82, N81 8GB, 6120, N77
  • Nokia (discontinued) – 6681, 6670, 3230, 7610, 3650, 3600, 3660, 3620, 7650, N-Gage, 6620
  • Panasonic – X800, X700
  • Samsung – SGH-D720, SGH-D730, SGH-i450, SGH-i520, SGH-i550, SGH-i560
  • Sendo – X
  • Siemens – SX1

Bluetooth Headsets

Most Bluetooth headsets are not secure. I encourage everyone to watch the video linked below to see how easy they are to hack.

In this demonstration, Joshua Wright connects to a stranger’s Bluetooth headset and is able to eavesdrop on them. He also briefly shows how audio can be sent to the headset. Anyone with a Bluetooth headset that’s currently on is at risk of something like this. The biggest part of the risk is that almost all Bluetooth headsets use a default PIN (usually 0000).

Watch the video here.