Re: Legality of blue tooth hacking



Le mercredi 15 mars 2006 à 13:48 +0000, mht3@xxxxxxxxxxxxx a écrit :
At a recent Cisco security product meeting, I observed a security
practice director outside snarfing phone numbers and addresses from
the various people who were attending the meeting. He got up and
presented the information saying there was no law preventing him from
snarfing information. I seem to recall attending a conference a while
back where the laws regarding this type of blue tooth snarfing was
discussed.

In France, law says breaking (or trying to) into an "automated
information processing system" is illegal without owner consent. In this
case, the phone is clearly an "automated information processing system"
and this guy is stealing informations without user consent. It's as well
illegal to enter and/or maintain into such a system without owner
content, and so is dowloading and/or altering data. Not speaking of the
fact we're speaking of personal data, that can raise special legal
aspects in some situations. So, from many aspects, it's illegal. Period.

From a more technical point of vue, bluesnarfing[1][2] relies on
exploiting improper OBEX implementations, what basicly is called
exploiting a flaw. Thus, if this would be legal, then exploiting any
random flaw would be as well !?

I don't even see how the illegality of bluesnarfing could be
questionnable...


[1] http://trifinite.org/trifinite_stuff_bluesnarf.html
[2] http://trifinite.org/trifinite_stuff_bluesnarfpp.html

--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
CanSecWest Practical WiFi (in)Security Master Dojo:
http://cansecwest.com/dojowifi.html

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@xxxxxxxxxx
------------------------------------------------------------------------------