News & Analysis

Security firm warns of holes in Bluetooth mobiles

John Walko

2/4/2004 10:00 AM EST

LONDON — Security and encryption specialist AL Digital has uncovered serious flaws in the authentication and data-transfer mechanisms on some top-selling Bluetooth-enabled mobile phones, leaving them wide open to hackers.

The original work was done late last year. Since then, AL Digital has uncovered even more flaws. Adam Laurie, a director and chief security officer, told CommsDesign.com that when he contacted the Bluetooth SIG to alert them to the problem, "they were very unconvinced and did not take me at all seriously, even though we demonstrated the seriousness of the problem and threat of loss of data and misuse".

It was in the course of their work identifying system vulnerabilities and securing and encrypting systems that AL Digital uncovered two specific security breaches. One is the "SNARF attack," where data including phonebook, calendar, associated attachments and business cards can be obtained without the owner's knowledge or consent.

Normally this is only possible if the device is in "discoverable" or "visible" mode. "But we have proved that this safety net can be bypassed," said Laurie.

The security breach exists on several models from both Nokia and Sony-Ericsson. A paper posted on the Internet details the models tested and possible consequences.

To validate its research, AL Digital has also devised several proof-of-concept tools, which it is ready to share with mobile phone suppliers.

Another, even more invasive problem is the "back-door attack," to which Laurie said some Nokia models are particularly prone. A phone's complete memory contents can be accessed by a previously trusted ("paired") device that has since been removed from the trusted list. This means that not only can data be retrieved from the phone, but other services can be accessed without permission, including modems, Internet, WAP and GPRS gateways.

Indications are that once the back door is installed, the SNARF attack will function without restriction on devices that previously denied access.

"I was quite underwhelmed at Nokia's response as well, and they were not that keen to work with me to test their phones and solve the problem, which they suggest is not a real issue," Laurie said.

He also pointed to the current trend called "bluejacking," a technique for anonymously sending messages to users of other Bluetooth-enabled phones who have switched on and made their handset "visible" to other users.

Although Laurie said bluejacking seems fairly harmless, the problem lies in the fact that the protocol being abused is designed for information exchange. Bluejacking uses the first part of a process for data exchanges, and is therefore open to further abuse if the handshake completes and the hacker successfully pairs with the target device. All data on the target device could then become available to the initiator, including phone books, calendars, pictures and text messages.

"Our goal in highlighting this problem is to alert users to the dangers that exist and to tell them what precautions they can take. We also want to put pressure on the manufacturers to rectify the situation.

"Manufacturers have a duty of care to provide that protection but, in practice, commercial considerations will often take precedence, and, given the choice, they may simply suppress or hide the problem, or, even worse, push for laws that prevent the discovery and/or disclosure of such flaws."

Laurie suggested the only defense against a SNARF attack is to switch off Bluetooth phones. Users are unlikely to be comfortable with drilling down through a sequence of menu items to disable Bluetooth, and those who are will find it inconvenient.

"To permanently remove a pairing and protect against future back-door attacks, it is necessary for the mobile phone to be reset by the factory. But this will, of course, erase all personal data."

AL Digital is a specialist in security systems, but not those targeted at wireless networks. The company's executives wrote the Apache-SSL secure Webserver program. The firm operates three data centers for secure hosting and colocation.

