Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data

To: Pentest Security Advisories <alerts@xxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
From: nosp <nosp@xxxxxxxxx>
Date: Fri, 14 Nov 2003 16:05:36 +0000
Cc: Jordan Wiens <jwiens@xxxxxxxxxxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx
In-reply-to: <3FB4AC90.7060506@xxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <3FB16881.4030104@xxxxxxxxxxxxx> <3FB401AA.6010408@xxxxxxxxxxxxx> <Pine.LNX.4.58.0311140114130.19768@xxxxxxxxxxxxxxxxxxx> <3FB4AC90.7060506@xxxxxxxxxxxxx>

On Fri, 2003-11-14 at 10:21, Pentest Security Advisories wrote:
[...]
> No, you didn't misread - The T610, whilst still vulnerable to some 
> attacks, does provide more protection
> of OBEX profiles. In this respect, it's better than the other phones / 
> devices we've tested.
> 
> On the particular T610 that was tested, we found that whilst it was 
> possible to upload files to the phone we could not download files from it.

It is very possible (and easy) to download (very) sensitive files from a
T610 as long as the MAC is known; no pairing necessary.  Firmware rev
R3C002.  Files include calendar and phonebook.

References:
- Serious flaws in bluetooth security lead to disclosure of personal data
  - From: Adam Laurie
- Re: Serious flaws in bluetooth security lead to disclosure of personal data
  - From: Pentest Security Advisories
- Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
  - From: Jordan Wiens
- Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
  - From: Pentest Security Advisories

Prev by Date: Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
Next by Date: Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
Previous by thread: Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
Next by thread: Re: Serious flaws in bluetooth security lead to disclosure of personal data
Index(es):
- Date
- Thread