[REVS] Man-In-The-Middle Attack Using Bluetooth In A WLAN Interworking Environnment

From: SecuriTeam (support_at_securiteam.com)
Date: 02/04/04

  • Next message: SecuriTeam: "[NEWS] Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow" 
    To: list@securiteam.com
Date: 4 Feb 2004 10:05:47 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Man-In-The-Middle Attack Using Bluetooth In A WLAN Interworking
    Environnment
    ------------------------------------------------------------------------

    SUMMARY

    A Bluetooth link between peripheral devices does not require integrity
    protection/validation. This in turn opens the door for a man-in-the-middle
    type of attack on the bluetooth link in a WLAN internetworking environment
    - by luring the victim to connect to a malicious WLAN access point the
    attacker is not required to know the Bluetooth link key. The attacker can
    repeat this attack on the same victim many times in any WLAN network.

    DETAILS

    The paper by Eric Gauthier describes the assumptions and attack on the
    bluetooth link and details what is vulnerable and why. It presents a
    discussion about the requirements and the conditions in which such an
    attack can take place, how it is performed and the consequences of
    compromising the bluetooth link.

    ADDITIONAL INFORMATION

    The paper can be found at
    <http://developers.of.pl/papers/mirror/S3.xxxOr-BT-attack.zip>
    http://developers.of.pl/papers/mirror/S3.xxxOr-BT-attack.zip
    The information has been provided by <mailto:lluzar@tigeraudits.com>
    Lukasz Luzar

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[NEWS] Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow"

    Relevant Pages

    • [REVS] Understanding and Preventing DNS-related Attacks by Phishers
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... This paper, extending the original material of "The Phishing Guide", ... Internet-based customers are dependent upon, and how they can be exploited ... This paper focuses upon a recent group of attack vectors used by criminals ...
      (Securiteam)
    • [NT] Microsoft Outlook Web Access XSS (MS08-039)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Web Access (OWA) 2003/2007. ... Exchange Server 2007, Exchange Server 2007 SP1) ... An attacker can craft a malicious email which contains the attack strings ...
      (Securiteam)
    • [REVS] Multiple Collisions attack on MD5 and other Hashing Algorithms
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... This collision attack might someday introduce a weakness in MD5 ... The presented attack can find many real collisions which are ...
      (Securiteam)
    • [NEWS] Common DNS Misconfiguration can Lead to "same Site" Scripting
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... attack is trivial, for example, from a shared UNIX system, an attacker ... via) a machine that hosts another website, ... configurations for domains that host websites that rely on HTTP state ...
      (Securiteam)
    • [NEWS] Cisco Unified Communications Manager SQL Injection
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Cisco Unified Communications Manager is vulnerable to a SQL Injection ... attack in the parameter key of the admin and user interface pages. ... Cisco has released free software updates that address this vulnerability. ...
      (Securiteam)