Bluetooth: BlueSnarf and BlueBug Full Disclusore

To: full disclosure <full-disclosure@xxxxxxxxxxxxxxxx>, bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>, risks <risks@xxxxxxxxxxx>, Adam Laurie <adam.laurie@xxxxxxxxxxxxx>, Martin Herfurt <martin.herfurt@xxxxxxxxxxxxx>, Marcel Holtmann <marcel@xxxxxxxxxxxx>
Subject: Bluetooth: BlueSnarf and BlueBug Full Disclusore
From: Adam Laurie <adam.laurie@xxxxxxxxxxxxx>
Date: Fri, 31 Dec 2004 09:53:09 +0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mozilla Thunderbird 0.9 (X11/20041110)

BlueSnarf, BlueBug & HeloMoto Full Disclosure, December 2004
------------------------------------------------------------

In November 2003, various vulnerabilities on Bluetooth enabled mobilephones emerged, as published here:


  http://www.thebunker.net/security/bluetooth.htm

Details of the attacks were disclosed at the Chaos Computer Club'sannual congress in Berlin - 21C3:


  http://www.ccc.de/congress/2004/fahrplan/event/66.en.html

Slides from the talk can be found here:

  http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdf

Video of the talk will be on the CCC site in due course.

It was felt, as the industry had been given a full 13 months to react tothe original threat discovery, and responsible manufacturers hadengineered and released firmware upgrades, that the time had come forfull disclosure. This became increasingly urgent as it was clear thatthe techniques used were becoming realtively widely known within thesecurity community, and it could therefore be assumed that the same wastrue for criminal and/or malicious users.


Vendor Responses
----------------

Nokia's response page is here:

  http://www.nokia.com/nokia/0,,56221,0.html

It emerged at the conference that Nokia have created a special warrantycode for the Bluetooth security issues, and any affected phone,regardless of age or origin, can be upgraded under that code free ofcharge. This was stated by a member of the audience during thepresentation, and has not yet been verified.


Known affected devices: 6310, 6310i, 8910, 8910i

Sony Ericsson have not responded directly to the author, but have statedpublicly that the problem has been fixed in all affected phones. Thishas not been verified, and availability of firmware upgrades is unknown.


Known affected devices: T68, T68i, R520m, T610, Z1010, Z600

Motorola stated that they are committed to fixing the problem, butfurther details are unknown.


Known affected devices: V80, V5xx, V6xx and E398.

I hope this is useful, and I wish you all a safe, happy and secure New Year!

cheers,
Adam
--
Adam Laurie                         Tel: +44 (20) 7605 7000
The Bunker Secure Hosting Ltd.      Fax: +44 (20) 7605 7099
Shepherds Building                  http://www.thebunker.net
Rockley Road
London W14 0DA                      mailto:adam@xxxxxxxxxxxxx
UNITED KINGDOM                      PGP key on keyservers

Prev by Date: MDKSA-2004:166 - Updated tetex packages fix multiple vulnerabilities
Next by Date: SQL Injection Vulnerability In IBProArcade
Previous by thread: MDKSA-2004:166 - Updated tetex packages fix multiple vulnerabilities
Next by thread: SQL Injection Vulnerability In IBProArcade
Index(es):
- Date
- Thread