Full Disclosure mailing list archives
Re: Serious flaws in bluetooth security lead to disclosure of personal data
From: Pentest Security Advisories <alerts () pentest co uk>
Date: Sat, 15 Nov 2003 18:51:18 +0000
On Fri, Nov 14, 2003 at 12:40:01PM +0000, Adam Laurie wrote: <snip>
i think "hint" is the operative word here. i came away from defcon unaware that such an attack was possible, and, to date, i am still unable to find any papers or tools that do anything other than brute forcing of macs or show that it's possible to browse services from a brute forced mac (and just to be clear here - this does not mean browse files. it just means you can obtain a list of services such as fax, obex etc., not do anything with them). my co-author, ben, is a fellow shmoo, and he was equally unaware, and their sniffer tool gives no hint that it can be taken any further, nor does bruce's presentation (http://www.shmoo.com/~gdead/dc-11-brucepotter.ppt), although it's possible his actual talk did, but that is not yet available on the defcon site. since posting, marcel holtmann has brought his papers to my attention, but i have not yet seen an english translation, so i can't comment. your own tool "btscanner" (http://www.pentest.co.uk/cgi-bin/viewcat.cgi?cat=downloads) makes no mention of this attack, and the only reference to any file transfer mechanism is "obex", which is in the "To do" section of the README: "3) Try to connect to services, particularly OBEX which requires no pair.".
You are correct, neither bluesniff nor btscanner attempt to transfer files over OBEX at the moment, but they do identify bluetooth devices running OBEX services. Once you have identified the device you can use tools such as "obexftp-0.10.4" for Linux or "obexapp" on FreeBSD to GET or PUT files over Bluetooth to a vulnerable device.
in the meantime, my discussions with manufacturers indicate that so far they have only been made aware of theoretical attacks, and nobody has thus far been able to actually pull data from the targets. this attack changes that.
Get them to have a look at http://www.oook.cz/bsd/bluetooth.html

Cheers,
Mark.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html