Date: Sat, 15 Nov 2003 18:51:18 +0000
From: Pentest Security Advisories <alerts@...test.co.uk>
To: Adam Laurie <adam@...roup.co.uk>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Re: Serious flaws in bluetooth security lead to disclosure of personal data


On Fri, Nov 14, 2003 at 12:40:01PM +0000, Adam Laurie wrote:

<snip>

> i think "hint" is the operative word here. i came away from defcon
> unaware that such an attack was possible, and, to date, i am still
> unable to find any papers or tools that do anything other than brute
> forcing of macs or show that it's possible to browse services from a
> brute forced mac (and just to be clear here - this does not mean browse
> files. it just means you can obtain a list of services such as fax, obex
> etc., not do anything with them). my co-author, ben, is a fellow shmoo,
> and he was equally unaware, and their sniffer tool gives no hint that it
> can be taken any further, nor does bruce's presentation
> (http://www.shmoo.com/~gdead/dc-11-brucepotter.ppt), although it's 
> possible his actual talk did, but that is not yet available on the 
> defcon site. since posting, marcel holtmann has brought his papers to my 
> attention, but i have not yet seen an english translation, so i can't 
> comment. your own tool "btscanner" 
> (http://www.pentest.co.uk/cgi-bin/viewcat.cgi?cat=downloads)
> makes no mention of this attack, and the only reference to any file
> transfer mechanism is "obex", which is in the "To do" section of the
> README: "3) Try to connect to services, particularly OBEX which requires
> no pair.".

You are correct, neither bluesniff nor btscanner attempt to transfer files
over OBEX at the moment, but they do identify bluetooth devices running
OBEX services. Once you have identified the device you can use tools such
as "obexftp-0.10.4" for Linux or "obexapp" on FreeBSD to GET or PUT files
over Bluetooth to a vulnerable device.

> in the meantime, my discussions with manufacturers indicate that so far
> they have only been made aware of theoretical attacks, and nobody has
> thus far been able to actually pull data from the targets. this attack
> changes that.

Get them to have a look at http://www.oook.cz/bsd/bluetooth.html

Cheers,
Mark. 
