|
-
November 19th, 2003, 03:13 PM
#1
Bluetooth "flaws" cause data disclosure
Didnt' see this here yet, so here goes..
There are serious flaws in the authentication and/or data transfer mechanisms on some bluetooth enabled devices. Specifically, two vulnerabilities have been found:
Firstly, confidential data can be obtained, anonymously, and without the owner's knowledge or consent, from some bluetooth enabled mobile phones. This data includes, at least, the entire phonebook and calendar.
Secondly, it has been found that the complete memory contents of some mobile phones can be accessed by a previously trusted ("paired") device that has since been removed from the trusted list. This data includes not only the phonebook and calendar, but media files such as pictures and text messages. In essence, the entire device can be "backed up" to an attacker's own system.
Finally, the current trend for "Bluejacking" is promoting an environment which puts consumer devices at greater risk from the above attacks.
http://www.bluestumbler.org/
http://bluesniff.shmoo.com/
http://www.pentest.co.uk/cgi-bin/vie...n=01_bluetooth
http://www.atstake.com/research/tools/info_gathering/
http://www.bluejackq.com/
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
November 19th, 2003, 10:02 PM
#2
oh boy! BlueTooth flaw!  The Standart was just starting to lift up!!
-
November 19th, 2003, 11:32 PM
#3
looks like blue tooth is turning into a blue screen 
"When in doubt, use Brute Force."
Never argue with an idiot. They'll drag you down to their level, then beat you with experience.
-
November 25th, 2003, 07:25 PM
#4
Banned
Bluetooth is bullcrap. It works like China. in theory it will work but in reality it as cheap as what it costs. I'm waiting for something better instead of using bluetooth. And you should too.
p. s. I like mandraketux's signature, but I don't applaud the vulgar language.
-
November 25th, 2003, 11:35 PM
#5
Last week we reported on preliminary research from security firm A.L. Digital which suggested a number of security problems with Bluetooth-enabled mobile phones from Nokia and Ericsson. The paper argued that digital pickpockets could swipe address books and data from mobile phones because of security shortcomings in the implementation of Bluetooth by the manufacturers.
Not so, says Nick Hunn, who in addition to his day job at TDK Systems is a long-standing proponent of and expert on Bluetooth. Nick reckons A.L. Digital's research gives little cause for concern. The easiest way to get data off a mobile phone is to steal it, according to Nick:
http://www.theregister.co.uk/content/69/34139.html
-Maestr0
\"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote