Security experts claim that some Bluetooth-enabled phones and
PDAs allow unauthorised individuals to access personal contacts and
appointments and even make phone calls using the owner’s identity,
according to ZDNet. This is because the security features on these
devices are sometimes disabled by default.

Under Bluetooth’s security specification, before two devices
will communicate, a matching code number must be entered into both
devices. However, Magnus Nystrom, technical director of RSA
Security, told ZDNet that many Bluetooth-enabled devices allow
access without demanding a “pairing” code.

The vulnerability could be used to steal phone numbers from a
victim’s contacts list and to make calls which are charged to the
victim’s account and which use the victim’s identity.