Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bluesnarfing At CeBIT 2004

Posted by timothy on from the not-dirty-toothing dept.

La^2 writes "The Austrian research company Salzburg Research did a field trial at the CeBIT 2004 that confirms the seriousness of the recently discovered bluetooth security loophole in the firmware of popular mobile phones. In this trial, 1269 unique bluetooth-enabled devices were discovered, and their vulnerability to the so-called SNARF attack checked. The report on this bluesnarfing at large scale has interesting statistics, which may not please some of the vendors." (And the CeBIT version of Knoppix was apparently being used to slurp up and display Bluetooth phone information, too.)

4 of 104 comments (clear)

  1. Retail applications by Animats · · Score: 5, Insightful
    If someone used this hole to collect information about customers entering a store, there are people who would defend that as legitimate.

    Just post a little disclaimer in tiny print at the entrance.

  2. Today's security hacking lesson by AndroidCat · · Score: 5, Insightful

    Methods:
    Publish vulnerablities with code examples proving it. WRONG!
    Loudly hack everyone's security at a big trade show. CORRECT!

    --
    One line blog. I hear that they're called Twitters now.
    1. Re:Today's security hacking lesson by Strange+Ranger · · Score: 5, Insightful

      This is not a Troll you jackass mods. I just came from the YRO: Hacker Indicted In France... and was thinking the exact same thing.

      It's +4 Insightful.

      +5 would be:
      Act as a lone citizen and Publish vulnerablities with code examples proving it. WRONG!
      Make sure you're part of company with a team of lawyers and Loudly hack everyone's security at a big trade show. CORRECT!

      --

      Operator, give me the number for 911!
  3. Re:Spammers by Lumpy · · Score: 2, Insightful

    Better yet, have everyone at a starbucks dial a phone number of a place you are trying to annoy or DDOS their phones.

    The evil cracker use of this is insane.. hell having hundreds of cellphones calling a dial in back door of a place you are trying to crack will hide your attacks quite well. and I am sure you can initiate a data call via bluetooth, so let's start cracking attempts or wardialing from unknowing bystanders.

    All I know is that I am making damn sure my next phone does NOT have bluetooth. I can see the abuses and invent quite a few that wil be used by the lack hat community in a very VERY short amount of time.

    --
    Do not look at laser with remaining good eye.