Bluetooth Security Hacking
Short summary:
Bluetooth Security Hacking. Tell partner to delete pairing. Hold connection open. Request change of connection link key. Principles of good Security (CESG/GCHQ) Confidentiality Data kept private Integrity Data has not been modified Availability Data is available ...
Long summary:
Bluetooth Security Hacking . because infinite is sometimes not enough! Bluetooth Security Hacking The State of the Art WEBSEC 2006 March 30st 2006, London, United Kingdom by Adam Laurie, Marcel Holtmann and Martin Herfurt . because infinite is sometimes not enough! Agenda Quick technology overview Security mechanisms Known vulnerabilities Toools & new stuff Demonstrations . because infinite is sometimes not enough! Who is investigating Adam Laurie CSO of The Bunker Secure Hosting Ltd. DEFCON staff and organizer Apache-SSL co-publisher Marcel Holtmann Maintainer of the Linux Bluetooth stack Red Hat Certified Examiner (RHCX) Martin Herfurt Security researcher Founder of trifinite.org . because infinite is sometimes not enough! What we are up against . because infinite is sometimes not enough! What is Bluetooth Bluetooth SIG Trade association Founded 1998 Owns and licenses IP Bluetooth technology A general cable replacement Using the ISM band at 2.4 GHz Protocol stack and application profiles . because infinite is sometimes not enough! Network Topology Hopping sequence defines the piconet Master defines the hopping sequence 1600 hops per second on 79 channels Up to seven active slaves Scatternet creation . because infinite is sometimes not enough! Bluetooth Stack Security mechanisms on the Bluetooth chip Bluetooth host security mechanisms Application specific security mechanisms . because infinite is sometimes not enough! Security modes Security mode 1 No active security enforcement Security mode 2 Service level security On device level no difference to mode 1 Security mode 3 Device level security Enforce security for every low-level connection . because infinite is sometimes not enough! How pairing works First connection HCI_Link_Key_Notification (optional) . because infinite is sometimes not enough! Principles of good Security (CESG/GCHQ) Confidentiality Data kept private Integrity Data has not been modified Availability Data is available when needed Authentication Identity of peer is proven Non-repudiation Peer cannot deny transaction took place . because infinite is sometimes not enough! Breaking all of them Confidentiality Reading data Integrity Modifying data Availability Deleting data Authentication Bypassed completely Non-repudiation Little or no logging / no audit trails . because infinite is sometimes not enough! Remember Paris . because infinite is sometimes not enough! Compromised Content Paris Hiltons phonebook Numbers of real Celebrities (rockstars, actors .) Images US Secret Service Confidential documents . because infinite is sometimes not enough! BlueSnarf Trivial OBEX push attack Pull knows objects instead of pushing No authentication Discovered by Marcel Holtmann Published in October 2003 Also discovered by Adam Laurie Published in ...
Source: trifinite.org
Related
Bluetooth Hacking - Full Disclosure, Bluetooth Hacking Full Disclosure @ 21C3.
Blue snarfing Data Theft Calendar
Appointments Images Phone Book Names,
Addresses, Numbers PINs and other codes
Images Bluetooth Hacking Full Disclosure
...,
more
Hacking Bluetooth Enabled Mobile Phones and Beyond, Bluetooth Scatternet. All security
routines are inside the Bluetooth chip.
Bluetooth Technology Data and voice
transmission ACL data connections SCO and
eSCO voice channels Symmetric and
asymmetric connections Frequency hopping
ISM band ...,
more
An Ethical Guide to Hacking Mobile Phones, Bluetooth Hacking. Bluejack Attack OBEX
Push Bluespamming Bluetoothing Modifying a
Remote Mobile Phones Address Book Fadias
Hot Tools for Bluejacking Countermeasures,
more
