| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Dec 2004 09:53:09 +0000 From: Adam Laurie <adam.laurie@...bunker.net> To: full disclosure <full-disclosure@...ts.netsys.com>, bugtraq <bugtraq@...urityfocus.com>, risks <risks@....sri.com>, Adam Laurie <adam.laurie@...bunker.net>, Martin Herfurt <martin.herfurt@...finite.org>, Marcel Holtmann <marcel@...tmann.org> Subject: Bluetooth: BlueSnarf and BlueBug Full Disclusore BlueSnarf, BlueBug & HeloMoto Full Disclosure, December 2004 ------------------------------------------------------------ In November 2003, various vulnerabilities on Bluetooth enabled mobile phones emerged, as published here: http://www.thebunker.net/security/bluetooth.htm Details of the attacks were disclosed at the Chaos Computer Club's annual congress in Berlin - 21C3: http://www.ccc.de/congress/2004/fahrplan/event/66.en.html Slides from the talk can be found here: http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdf Video of the talk will be on the CCC site in due course. It was felt, as the industry had been given a full 13 months to react to the original threat discovery, and responsible manufacturers had engineered and released firmware upgrades, that the time had come for full disclosure. This became increasingly urgent as it was clear that the techniques used were becoming realtively widely known within the security community, and it could therefore be assumed that the same was true for criminal and/or malicious users. Vendor Responses ---------------- Nokia's response page is here: http://www.nokia.com/nokia/0,,56221,0.html It emerged at the conference that Nokia have created a special warranty code for the Bluetooth security issues, and any affected phone, regardless of age or origin, can be upgraded under that code free of charge. This was stated by a member of the audience during the presentation, and has not yet been verified. Known affected devices: 6310, 6310i, 8910, 8910i Sony Ericsson have not responded directly to the author, but have stated publicly that the problem has been fixed in all affected phones. This has not been verified, and availability of firmware upgrades is unknown. Known affected devices: T68, T68i, R520m, T610, Z1010, Z600 Motorola stated that they are committed to fixing the problem, but further details are unknown. Known affected devices: V80, V5xx, V6xx and E398. I hope this is useful, and I wish you all a safe, happy and secure New Year! cheers, Adam -- Adam Laurie Tel: +44 (20) 7605 7000 The Bunker Secure Hosting Ltd. Fax: +44 (20) 7605 7099 Shepherds Building http://www.thebunker.net Rockley Road London W14 0DA mailto:adam@...bunker.net UNITED KINGDOM PGP key on keyservers
Powered by blists - more mailing lists