War Phoning tne new sploit ?
Results 1 to 4 of 4

Thread: War Phoning tne new sploit ?

  1. #1
    Senior Member
    Join Date
    Apr 2002

    War Phoning tne new sploit ?

    hey looks like phone phreakers are still here found at the register


    Bluetooth-enabled phones and PDAs with inadequate security could become the target of the next wave of security exploits, allowing phreakers to filch confidential information or even make calls using someone else's identity.

    Such War Phoning exploits, as they have been dubbed, arise because security features on Bluetooth-enabled devices are sometimes turned off by default, ZDNet reports.

    Early reports of the phenomenon come from this week's RSA Security conference, in Paris.

    "I have stood at the RSA booth in conferences, with my phone paging for other devices, and watched other people's devices show up," Magnus Nystrom, technical director of RSA Security, told ZDNet.

    He reports that many devices permitted access without requesting a "pairing code", opening the door to all manner of abuse - stealing personal data of passers-by or even making calls on other phones - in the hands of the unscrupulous.
    and this at zdnet.co.uk

    RSA 2002: If you have Bluetooth, make sure security is enabled, or others might snoop your contacts or even make calls from your phone

    Bluetooth-enabled phones and PDAs may have a gaping security gap, which could allow other people to read data such as personal contacts and appointments, and even make phone calls using the owner's identity. Some of these devices are shipped with the security features in Bluetooth disabled, allowing other Bluetooth devices access, according to RSA Security.

    "I have stood at the RSA booth in conferences, with my phone paging for other devices, and watched other people's devices show up," said Magnus Nystrom, technical director of RSA Security. Many devices simply allowed access without demanding a "pairing" code, said Nystrom, and would have allowed him to examine the personal data of passers-by, or even to make calls with their phones.

    Such phone calls (which might flippantly be described as warphoning) would be a serious breach. Not only could they add vastly to the victims phone bill, they could also allow the attacker to impersonate the victim. Using phone numbers from the victim's database, he could call people or businesses known to the victim, who might accept the call as genuine since it would come from the victim's own phone.

    "That's scary," said Peter Laakkonen, principal at SecVen, a US-based security strategy advisor, and a speaker at the RSA Conference in Paris. "If people don't realise they have Bluetooth, they may be unaware of the possibility of this weakness. Other people could be impersonating them without their knowledge."

    Most Bluetooth-enabled devices -- particularly those from leading brands -- appear to ship with security enabled. This includes all devices from Palm, iPaq, Ericsson and Nokia that have arrived in the ZDNet UK offices for review.

    Work is underway to improve both authentication and encryption over Bluetooth links, according to Nystrom, who is concerned about weaknesses in Bluetooth, even when security is enabled.

    Bluetooth, conceived as a cable replacement technology for linking devices within the user's field of view, was designed with a limited amount of security, but even the basic standard contains enough security features to eliminate this threat. Under Bluetooth's security specification, before two devices pair, the same code number must be entered into both of them.

    Within phones, features such as address books and phone are set up as different services. Business card exchange is usually set up with no security, as this is data that you want public, but other services are not accessible from this one.
    thought's views on this subject highly wecome

    heh come on people im trying to get more techinical disscusions going
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work

  2. #2
    Might become the next drive by hacking clone. If you think about it, wireless technology is very unsecure from an accessability point of view, since anyone can come and sniff for a wireless network. But in normal circumstances, you either have to dial in to a service, or plug yourself into the network.

    Accessabiliy isnt good!

  3. #3
    Senior Member
    Join Date
    Apr 2002
    It is clear that security dedicated to these wireless devices had better be the next wave of the future. Technology comes in waves but rarely does the security follow at the same rate.

    IBM is claiming their new thinkpad laptop has a security chip to provide more secure internet surfing. Their own info can be found here .

    Time will tell whether or not things improve in the wireless era. It's going to have to, as more and more wireless becomes popular.

  4. #4
    Hi mom!
    Join Date
    Aug 2001
    Wait a sec, don't start blaming the bluetooth security here at once. The security-breech here is that some companies produce and sell their bluetooth-enabled stuff with its safety-features turned off by default! This is like installing an alarm in your car, without turning it on, or even locking the doors when you leave.
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts