Security experts claim that some Bluetooth-enabled phones and PDAs allow unauthorised individuals to access personal contacts and appointments and even make phone calls using the owner’s identity, according to ZDNet. This is because the security features on these devices are sometimes disabled by default.

14 Oct 2002

Under Bluetooth’s security specification, before two devices will communicate, a matching code number must be entered into both devices. However, Magnus Nystrom, technical director of RSA Security, told ZDNet that many Bluetooth-enabled devices allow access without demanding a “pairing” code.
The vulnerability could be used to steal phone numbers from a victim’s contacts list and to make calls which are charged to the victim’s account and which use the victim’s identity.