Articles

Metasploit Framework Windows Tutorial
Remote Desktop Connection
Windows Processes That May Be Dangerous
How-To use NetCat a Tutorial
Common Linux Commands
Common Ports
Netcat Commands
HTTP Response Codes
War-Google Hack Terms
Wardriving
Avoiding Social Engineering and Phishing Attacks
Intrusion Detection on Linux
Linux Intrusion Detection
Penetration Testing Guide
Penetration Testing Tools
Social Engineering Fundamentals, Part I: Hacker Tactics
Social engineering (computer security)
The Psychology of Social Engineering

The Archives

General GSO
GovernmentSecurity.org News & Suggestions
In The News
Open Topic
General Security Information
Trash Can
Exploit & Vulnerability Mailing List Archives
Trial Member Forum
Product and Program Reviews GSO Tutorials
System Security
Windows Systems
Beginners Section
Linux & Unix Systems
File Downloads
Exploit Research & Discussion Trojan & Virus Errata
Networking Security / Firewall / IDS / VPN / Routers
System Hardening
E-Mail Security
Wifi Security
Trial Member Uploads
Upload discovered Trojans & Mal ware
GSO Programming Section
C , C++ , VC++
Visual Basic.NET
Perl /CGI
Java/Javascript
PHP/XML/ASP/HTML
Assembly + Other
The Cork Board
Network Security Consultant Directory
Network Security Jobs
The Archives
Encryption Information
General Network Security
Internet Anonymity
HTTP Protocol Security
Linux Security
MS IIS Information
Exploit Articles
Programming / Tool Design
GSO Software Projects
Public Downloads
Microsoft Security Questions and Papers
Help - Search - Member List - Calendar
Full Version: New Bluetooth "drill"
GovernmentSecurity.org > General GSO > In The News
beardednose
Jun 13 2005, 12:44 PM
New Crack Bites Bluetooth Security
By Larry Loeb
June 7, 2005

Opinion: Larry Loeb looks at an exploit that could allow rogue devices to hijack Bluetooth sessions, and reaffirms his distaste for the protocol.

I've never liked Bluetooth devices. They have always seemed finicky to me, especially the process where they "pair" with each other in order to communicate.

It may well be that this dislike stemmed from a review I tried to do a few years ago on a Bluetooth headset for mobile phones.

I spent many hours trying to get a phone and the headset to talk to each other, only to find that the phone was running an earlier version of the Bluetooth standard than the headset was using.

It was enormously frustrating to me, because there was no indication in the entire process of why the failure was occurring. It just didn't work.

So, learning about a new and inventive way to totally crack the protocol's security brought a small, thin smile of revenge to my lips as I recalled the frustration of that past review.

Read the rest at http://www.eweek.com/article2/0,1759,1825463,00.asp

-----------------
BN says:
According to a different source, the new Maytag Neptune washer and dryers are bluetooth enabled...when you open the washer, the dryer wakes up. Even comes with an ethernet port! So now an attacker can shrink your delicate clothes at will!

Also, I heard more vehicles are bluetooth. Instead of plugging the diagnostics into the port below the steering wheel, the mechanic just pulls out his "teeth" and reads the computer codes from your vehicle.
aapje
Jun 14 2005, 08:32 AM
QUOTE(beardednose @ Jun 13 2005, 12:44 PM)
I spent many hours trying to get a phone and the headset to talk to each other, only to find that the phone was running an earlier version of the Bluetooth standard than the headset was using.

It was enormously frustrating to me, because there was no indication in the entire process of why the failure was occurring. It just didn't work.


or you could read the manual, idiot.
belgther
Jun 14 2005, 10:20 AM
One thing that I didn't understand: Why does Larry Loeb, or whatever, publicize his revenge or evil aim? Is there a sense to do it? And what happens if he succeeds cracking Bluetooth totally? What will he get?

QUOTE
According to a different source, the new Maytag Neptune washer and dryers are bluetooth enabled...when you open the washer, the dryer wakes up. Even comes with an ethernet port! So now an attacker can shrink your delicate clothes at will!


I would prefer using a manually controlled washer and dryer, such a machine can be started/stopped remotely, but it doesn't put your clothes/sort them automatically at a remote bluetooth command.
Seems like these protocols are being used to "steal" our money legally and give the so-called comfort, which is nothing but laziness, imho.
raging_bull
Jun 26 2005, 12:46 AM
This is bullshit!

Bleutooh is made to be easy and ast.. not to be secuire.. If you want secuir take wlan.. But factory's are devolping products with bleutooth and after then saying it is not secuir..

Why then take bleutooth? Use that protocol that is the best for ya product.. Man i hate this bullshit.. tongue.gif
myth
Jun 26 2005, 01:04 AM
It seems I have been blessed with good luck with my bluetooth devices. I dont have a large amount, but used most often in bluetooth GPS.

Bluetooth's vulnerabilities are all too impracticle, even with a Class-A Bluetooth Adaptor, leave BT alone, just enable it when you need it....
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2005 Invision Power Services, Inc.