Bluetooth PIN crack: not a good thing, say researchers.

Bluetooth mobile handsets can be overtaken even when security features are turned on:

The technique is a practical implementation of a technique described by Ollie Whitehouse of security firm @Stake last year, which allows an attacker with specialised equipment to connect to a Bluetooth handset without authorisation. Once the connection is established, the attacker could make calls on the target's handset, siphon off data or listen in on data transfers between the device and, for example, a PC. Some security firms recommend financial traders avoid Bluetooth handsets because of the potential attack.

The original method required an attacker to listen in on the initial connection procedure between two Bluetooth devices – called "pairing" – which occurs only rarely. The new attack, however, allows an attacker to force two devices to repeat the pairing procedure, allowing the attacker to listen in and determine the identification code (PIN) used to protect the connection.

Link to TechWorld story, Link to New Scientist story, here's more from Bruce Schneier's blog, and here is the paper: Cracking the Bluetooth PIN, by Yaniv Shaked and Avishai Wool.

Bluespam is one tool used to sniff out discoverable devices with default PINs: Link (Palm OS). More are here: Link. (via socalwug list)