A phone in London and a seasick girl.

[reddragdiva]

We are looking to get a cameraphone for redcountess (see her post). We're eyeing up the Motorola V525 for nothing up front on a one-year £15/month contract. It does 640×480 photos and everything else except MP3s, really.

So. Have any of you lot tried it?

The rest of Vodafone's nothing-up-front selection is here. Motorola V525, Panasonic X60, Sony Ericsson T610, Nokia 6820, Samsung P400, Sharp GX10i and Nokia 6600. The ones doing 352×288 are not suitable.

Update: Thanks to impatience, we've gone for the Motorola. Arriving Friday.

Comments

[grumpy-sysadmin.livejournal.com]

I like my SE T616 (same phone, different wavelength radio, otherwise identical), for whatever that's worth.

[reddragdiva]

That's good enough for us. Ordered! See also warlockuk's comment on Liz's post for the J2ME developer perspective ...

[grumpy-sysadmin.livejournal.com]

The danger, of course, is that the whole Bluetooth thing will seem so sexy that you'll end up buying a Mac laptop and a cordless headset.

[reddragdiva]

You heard the stuff about the Bluetooth cracks? There are whispers of (a) further cracks (b) flaws in the protocol itself (c) head-in-sand responses from Nokia and Ericsson. Bluetooth on any device here stays OFF.

[grumpy-sysadmin.livejournal.com]

The "crack" involves largely... browsing my addressbook.

Um, okay.

In any case, I only switch it on when I actually want to use it, which is just common sense anyhow (running an extra radio costs battery life), which is seldom in a situation where anybody'd have an opportunity to break into my phone. My co-workers could... only to find that the addressbook is primarily them.

The threat model just doesn't make sense here.

[redcountess]

I'd quite like to have a bluetooth headset, which would require leaving it on all the time. So I guess I'll have to either hold off on getting a headset until they've fixed the vulnerability or not put valuable info on the phone. The latter is really not a problem because I don't like the idea of virtual wallets. And as for bluejackers, I think I'd be more amused than anything.

[redcountess]

Ok, after reading this post from lusercop on London PM, I don't think I'll be using a Bluetooth headset at all.

[grumpy-sysadmin.livejournal.com]

Suit yourself.

I think lusercop and reddragdiva are both overreacting. I think that the important Bluetooth problems are implementation, not protocol ones. Nokia's phones responding to any old request even if Bluetooth was ostensibly "off" is a really horrible problem, but I don't have a Nokia phone and you're not considering getting one. I think lusercop's scenario where the repeat-pairing is a problem is horribly contrived. (I've never once paired my phone with someone else's, and I can't imagine a circumstance in which I would... what is this for, sharing ring tones? My phones always on vibrate because I hate listening to cell phone ring tones.) I think that if your usage is simply "pair with cordless headset", there isn't any way for the attacks to work (except on Nokias, and they must be fixing that by now).

I think that, disregarding all of my complaints against the actual funtionality of the attack, the threat model still isn't there. The proven attacks involve stealing my contact information (have it! here, you want it?) or schedule (I don't use the phone for that, so have fun). So I'm not scared because I understand the threat model and it simply doesn't apply to me.

Maybe it does to you?

[redcountess]

My understanding of protocols etc. is very limited (ask me to explain a TCP/IP stack and I couldn't), but I suppose that if a snarfer was able to connect their device to yours via bluetooth, they wouldn't just be able to get data off your phone but use data and telephony services from it, although I'm sure that one would notice the latter pretty quickly and terminate the connection :-/

[grumpy-sysadmin.livejournal.com]

See, that's precisely my point. It has not been demonstrated that the latter is possible, lusercop is just positing that he thinks it would be without basing that statement on any evidence.

The two things are not logically related. A paired device (like a laptop or a headset) could do this. But I've seen no evidence that supports that theory that some random attacker can waltz up and pair with my phone (unless it's a Nokia, which it's not). The repeat-old-pairing-even-if-deleted problem is a bit bothersome... so don't pair with things that don't belong to you. Poof.

Threat model, threat model, threat model.

[reddragdiva]

See last couple of paragraphs of http://london.pm.org/pipermail/london.pm/Week-of-Mon-20031215/023533.html .

[grumpy-sysadmin.livejournal.com]

Do you mean the part where he says "I suspect that [lots of scary stuff he's totally making up without any basis in fact]"? Or do you mean the ad hominem attack as a sign-off?

Bluetooth ain't perfect. Neither is 802.11. Neither is SSH (2, even). That doesn't mean they aren't useful technologies, and that doesn't mean there's a realistic threat model where it's logical to believe that I'd be injured by this attack. Therefore, I choose to use the technologies, knowing the risks. (And they're really not that great in the case of Bluetooth out there in the Real World.)

[grumpy-sysadmin.livejournal.com]

Um, but warlockuk said he didn't like the SE...

[reddragdiva]

D'oh! Sorry, buh. We bought the Motorola. Warlock liked that. Even tho the camera is mediocre.

[grumpy-sysadmin.livejournal.com]

Yah, that makes sense.

I had every intention of buying a PowerBook or iBook (SE and Apple are cooperating on synching addressbooks), and SE's is probably the best Bluetooth stuff you can get in the states. But most of those things don't apply to you.

[daneel-olivaw.livejournal.com]

Just got a T-630 (610 innards in a different case as far as I can tell). Tap me on the shoulder if you want to take a look on Friday?

[reddragdiva]

Heh. So we can get buyers' remorse? :-)