The following security advisory is sent to the securiteam mailing list, and can
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Hacking Bluetooth Enabled Mobile Phones and Beyond
------------------------------------------------------------------------
SUMMARY
In November 2003, various vulnerabilities on Bluetooth enabled mobile
phones emerged, as published
<http://www.thebunker.net/security/bluetooth.htm> here. The full details
of these vulnerabilities in Bluetooth can be found in the slideshow linked
here.
DETAILS
Details of the attacks were disclosed at the
<http://www.ccc.de/congress/2004/fahrplan/event/66.en.html> Chaos Computer
Club's
annual congress in Berlin - 21C3
(Video of the lecture will be on the CCC site in due course.)
The Slides from the talk can be found here:
<http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdf>
http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdf
It was felt, as the industry had been given a full 13 months to react to
the original threat discovery, and responsible manufacturers had
engineered and released firmware upgrades, that the time had come for full
disclosure. This became increasingly urgent as it was clear that the
techniques used were becoming relatively widely known within the security
community, and it could therefore be assumed that the same was true for
criminal and/or malicious users.
Vendor Responses:
Nokia's response page is here:
<http://www.nokia.com/nokia/0,,56221,0.html>
http://www.nokia.com/nokia/0,,56221,0.html
It emerged at the conference that Nokia have created a special warranty
code for the Bluetooth security issues, and any affected phone, regardless
of age or origin, can be upgraded under that code free of charge. This was
stated by a member of the audience during the presentation, and has not
yet been verified.
Known affected devices: 6310, 6310i, 8910, 8910i
Sony Ericsson have not responded directly to the author, but have stated
publicly that the problem has been fixed in all affected phones. This has
not been verified, and availability of firmware upgrades is unknown.
Known affected devices: T68, T68i, R520m, T610, Z1010, Z600
Motorola stated that they are committed to fixing the problem, but further
details are unknown.
Known affected devices: V80, V5xx, V6xx and E398.
ADDITIONAL INFORMATION
The information has been provided by <mailto:adam.laurie@thebunker.net>
Adam Laurie.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to:
list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to:
list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any
kind.
In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages.
