Penetration Testing mailing list archives

Re: Legality of blue tooth hacking

From: Tim Hurman <kano-bugtraq () kano org uk>
Date: Thu, 16 Mar 2006 15:46:42 +0000

On Wed, Mar 15, 2006 at 01:48:05PM -0000, mht3 () earthlink net wrote:

What is the current legality of blue tooth hacking?  At a recent Cisco
security product meeting, I observed a security practice director
outside snarfing phone numbers and addresses from the various people who
were attending the meeting. He got up and presented the information
saying there was no law preventing him from snarfing information.  I
seem to recall attending a conference a while back where the laws
regarding this type of blue tooth snarfing was discussed.


If it is any help, I (and others I know) always follow the principal of
"look but don't touch". As in, there is certain information that a
Bluetooth device will give away as defined by the specification and
by the connection. Anything that the device was not specifically designed
to give away, we steer clear of.

Following that ethos, HCI scanning and SDP probes are all fine, but
snarfing addresses we stay clear of. Unless given specific permission by
the owner.

Although it would be very hard to catch you if you performed these
attacks (maybe the target would not even notice), I am sure there
numerous ways to prosecute you. In the UK, I think the computer misuse
act and the DPA would apply. Though don't quote me on that.

Tim

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
As attacks through web applications continue to rise, you need to proactively 
protect your applications from hackers. Cenzic has the most comprehensive 
solutions to meet your application security penetration testing and 
vulnerability management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). 
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------

Current thread:

Legality of blue tooth hacking mht3 (Mar 15)
- Re: Legality of blue tooth hacking Cedric Blancher (Mar 16)
- Re: Legality of blue tooth hacking Paul Robertson (Mar 16)
- Re: Legality of blue tooth hacking Tim Hurman (Mar 16)
- <Possible follow-ups>
- RE: Legality of blue tooth hacking Shenk, Jerry A (Mar 16)
- RE: Legality of blue tooth hacking Craig Wright (Mar 16)
  - RE: Legality of blue tooth hacking Chris Dalton (Mar 16)
- RE: Legality of blue tooth hacking Craig Wright (Mar 16)
- RE: Legality of blue tooth hacking Cedric Blancher (Mar 18)
  - Message not available
    - RE: Legality of blue tooth hacking Mark Teicher (Mar 19)
    - RE: Legality of blue tooth hacking Mark Teicher (Mar 20)