The backdoor attack, according to Laurie, involves establishing a trust relationship through the pairing mechanism but later making the pairing information invisible on the target's register of paired devices to enable an anonymous connection. The process requires participating users to first create a PIN (personal identification number) and then enter this number in each device, in order to initiate a connection, he said.
The problem arises, Laurie said, when one of the "trusted" persons decides to use the backdoor hacking method to hide the identification data and gain unauthorized access to that person's device. "Unless you happen to be staring at your phone and see a little icon appear indicating a connection, you won't know that anyone has gained access to your phone," he said.
Nokia said that it is not aware of any attacks against Bluetooth-enabled phones and believes it is "highly unlikely" that these phones will become broadly exposed to security attacks.
"From a security viewpoint, Bluetooth is actually very strong," Ahlberg said. "There were just some implementation flaws that made these security flaws possible in a couple of models."
Additional information about the security flaws detected by A.L. Digital is available at: www.bluestumbler.org.