lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat May  7 14:21:48 2005
From: Thierry at sniff-em.com (Thierry Zoller)
Subject: Bluetooth related security problem with
	Motorola E398 GSM phone

Dear Tonu Samuel,

This is expected behaviour and refered to as the "Backdoor" attack,
once you have an existing pair (Backdoor) you can connect to it without
further warning message (again depends on  implementation).

So yes as far as I am concerned there is not much to fix here, except
perhaps to display a warning message DEVICE XY connects (YES NO) even
when paired.

>BTW, Similar problems are in SonyEricsson.
Type? Lots of (older) Ericcson phones are known to be epxloitable.
(T68, 680 etc), this is documented on the bunker.net site.

TS> I got Motorola E398 phone and was trying all known bluetooth exploits on it.
TS> None of them worked (which is good of course). But meanwhile I got some ideas
TS> and after some modifications to existing exploits I found a way to fool my
TS> phone. This is not a very brilliant exploit, so I can post full disclosure
TS> here but would be nice if someone can forward it to right people in Motorola.

-- 
Thierry Zoller
mailto:Thierry@...ff-em.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ