[TOOL] Bluesnarfer - A Bluesnarfing Utility

From: SecuriTeam (support_at_securiteam.com)
Date: 03/07/05

    To: list@securiteam.com
    Date: 7 Mar 2005 19:09:19 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      Bluesnarfer - A Bluesnarfing Utility
    ------------------------------------------------------------------------

    SUMMARY

    DETAILS

    What is Bluesnarfing?
    Serious flaws in Bluetooth security lead to disclosure of personal data

    Summary
    In November 2003, Adam Laurie of A.L. Digital Ltd. discovered that there
    are serious flaws in the authentication and/or data transfer mechanisms on
    some Bluetooth enabled devices. Specifically, three vulnerabilities have
    been found:

    First, confidential data can be obtained, anonymously, and without the
    owner's knowledge or consent, from some Bluetooth enabled mobile phones.
    This data includes, at least, the entire phonebook and calendar, and the
    phone's IMEI.

    Second, it has been found that the complete memory contents of some mobile
    phones can be accessed by a previously trusted ("paired") device that has
    since been removed from the trusted list. This data includes not only the
    phonebook and calendar, but media files such as pictures and text
    messages. In essence, the entire device can be "backed up" to an
    attacker's own system.

    Third, access can be gained to the AT command set of the device, giving
    full access to the higher level commands and channels, such as data, voice
    and messaging. This third vulnerability was identified by Martin Herfurt,
    and he and Adam Laurie have since started working together on finding
    additional possible exploits resulting from this vulnerability.

    Finally, the current trend for "Bluejacking" is promoting an environment
    which puts consumer devices at greater risk from the above attacks.

    The SNARF attack:
    It is possible, on some makes of device, to connect to the device without
    alerting the owner of the target device of the request, and gain access to
    restricted portions of the stored data therein, including the entire
    phonebook (and any images or other data associated with the entries),
    calendar, real time clock, business card, properties, change log, IMEI
    (International Mobile Equipment Identity, which uniquely identifies the
    phone to the mobile network, and is used in illegal phone 'cloning'). This
    is normally only possible if the device is in "discoverable" or "visible"
    mode, but there are tools available on the Internet that allow even this
    safety net to be bypassed. Further details will not be released at this
    time (see below for more on this), but the attack can and will be
    demonstrated to manufacturers and press if required.

    For more information see:
    http://www.thebunker.net/security/bluetooth.htm

    The Tool:
    Bluesnarfer will download the phonebook of any mobile device vulnerable to
    bluesnarfing.

    For more information on Bluetooth hacking, see the following whitepaper
    (with proof of concept):
    http://www.alighieri.org/tools/bluetooth.tar.gz

    Download Information:
    The tool's source code can be found at:
    http://www.alighieri.org/tools/bluesnarfer.tar.gz
    The tool compiles under Linux with kernel Bluetooth support (the kernel
    headers are required).

    ADDITIONAL INFORMATION

    To keep up to date with the tool, visit the project's homepage at:
    http://www.alighieri.org/project.html
