Tag Archives: Phone

The Phone Belch

Why is it that cellphones ring louder the longer they go unanswered? The ring starts quietly, then builds up to an ear-splitting crescendo. I know what the apparent logic to this is — if the phone is right in front of the person, they don’t need it loud to be able to hear it, so the loudness is only needed if the phone hasn’t been answered immediately — but is that really logical?

What happens most of the time is that folk don’t hear the phone ringing immediately because it’s in their pocket/bag/desk/mouth. So they remove it just as the ring gets louder. The phone is now ringing at the loudest volume it can reach, without any clothing/leather/hardboard/teeth to muffle it. By now other folk in the bus/train/office/bed are getting irritated, which is not helped by the callee staring intently at the phone display to figure out who it is and whether it’s worth answering. It’s at that point that the phone’s clever software cranks the volume up a notch.

If phones are so smart, why don’t they fix the volume so that it starts quietly for two seconds, gives one polite belch if no one has answered, and then stays at a modest volume — or no sound at all — until answered or ignored? The belch would be good because everyone will look around, something people never do if a phone is ringing, so there’s very little chance of the callee not being made aware that something is going on. Those offended by the belch idea, or living in classier neighbourhoods, could go for discreet coughs, sneezes or subtle but distinctive exhalations of air. In Hong Kong, still nervous about SARS, a cough or sneeze would empty the bus. That’s how you’d know your phone was ringing: Everyone suddenly got off at the same stop.

Anyway, my message to the phone industry is: Think before you implement clever tweaks like the increasingly-loud-ring-tone. Oh, and if you need someone to record the polite belches, I’m free next Thursday. 

The Bluesnarfing Skeptics

Is Bluesnarfing the big problem it’s made out to be?

“Traditionally,” wrote Guy Kewney of eWeek earlier this month, “security consultants have made a passable living by frightening ignorant managers with security holes. Then they charge money to fix them.” He then takes a look at bluesnarfing, which regular readers of this blog and the column will already be familiar with. His conclusion: Such concerns are “a load of hooey”. Here’s why:

  • Range: “You have to get to within a few paces of the phone you want to raid because the effective range of Bluetooth is said to be about 30 feet..in clear air, not in a crowded room”;
  • Phone ID: “You have to identify the phone correctly. You won’t see “I’m Tony Blair’s phone full of secrets!” in nice helpful letters; you’ll see the make of the phone”;
  • Affected brands: “The phone also needs to be vulnerable to attack…affected phones, which so far are limited to Nokia, Ericsson and Sony Ericsson handsets”;
  • Tools: “you have to have a PC. I doubt there are more than 10 people in the world who could be bothered to create one, and they are almost certainly all security consultants”;
  • Results: “what do you get? A list of phone numbers?”

Guy sees such ‘news scares’ as intended to “convince a large group of people that the guy who discovered the ‘security loophole’ is a genuine expert in the field (true) and it may frighten some of them into hiring this expert to do security work for them.”

OK, let’s take a look at Guy’s points. The first one, range, is pretty simple. Bluetooth doesn’t have a range of 30 feet (10 meters); it has a range of up to 100 meters, depending on which class of Bluetooth gadget you’re talking about. But the problem is not the range of the targetted gadget, but of the attacker’s. Adam Laurie, the guy who first publicised this, has used off the shelf components plugged into a laptop to get a range of 80 meters and reckons with antennae it could go much further.

The second issue, Phone ID, is somewhat misleading. While it’s true Tony Blair is unlikely to have had the time or interest to alter his phone’s default name (usually the model name) to one more personal, the attacker is unlikely to be snarfing around for an exact model name. He is going to gobble up all the vulnerable Bluetooth device data he can find and then later, if he needs to, try to match data to individuals via, for example, the SMS sender field in any outgoing SMS/text messages. This field would reveal the telephone number of the target (thanks Martin Herfurt for clarifying this.)

Affected brands: While it’s true that not all phones are affected, Nokia remains the single largest player in the UK (where eWeek is writing from) with nearly 30% market share in the first quarter of this year. SonyEricsson has nearly 6%. And while not all models from those manufacturers are vulnerable, that’s still a lot of handsets.

Tools: Yes, it’s unlikely you’d be able to mount a successful attack without a laptop, a Bluetooth dongle, and some technical idea of what you’re doing. But it’s naive to suggest that it’s only going to be security consultants doing this kind of thing. The Bluesnarfing problem is one of data theft, which means its most likely users are folk in the data theft business, either for commercial purposes or criminal ones. Sure you’re going to get a few techheads doing it for the hell of it, but the most likely threat is commercial espionage, and those guys are pros. Just because you can’t imagine someone doing it, doesn’t mean a criminal can’t.

Results: This again reflects the limited imagination of the writer. Basically any information can be stolen from a cellphone via snarfing. This not only includes contacts — in themselves potentially valuable — but also any notes stored there, such as safe combinations, passwords, PIN numbers. In any case, Bluesnarfing is not just about data. It can also involve hijacking the user’s phone to make a call without their knowledge. The ability of someone remotely to use your phone to dial a number and talk — which then appears to the recipient to be coming from your phone — raises all sorts of problem scenarios, but I’ll leave those to your imagination.

It’s not a new mantra, but it’s worth repeating: Just because we can’t think of how someone might benefit from these kind of security holes doesn’t mean someone else can’t. Sure, there are plenty of pseudo-security problems out there, and it’s good to be skeptical, but as long as the manufacturers don’t address it, Bluesnarfing is a real one, seriously compromising the security of your cellphone. As cellphones, PDAs and cameras merge into smartphones this problem can only become more acute.