Wireless Vulnerabilities & Exploits
Wireless Vulnerabilities & Exploits
WVE-2005-0001: Car Whisperer (Exploit)
Candidate
Car Whisperer is a tool that can be used to eavesdrop on and broadcast audio to a Bluetooth headset or hands-free device. It accomplishes this by relying on the well-known and static nature of the PIN codes that these types of devices use.
WVE-2005-0002: BlueBug (Vulnerability)
Candidate
BlueBug is the name given to a vulnerability found on certain Nokia, Sony/Ericcson, and Motorola phones that use Bluetooth which allows an attacker to establish a serial connection to the phone without authenticating. This allows an attacker to nearly take full control of the phone through AT commands.
WVE-2005-0003: BlueSnarf (Vulnerability)
Candidate
The BlueSnarf vulnerability allows an attacker to covertly retrieve information from certain models of Bluetooth enabled cellular phones via the OBEX protocol.
WVE-2005-0004: Bloover (Exploit)
Candidate
Blooover is a proof-of-concept tool that can be used to exploit cellular phones that are vulnerable to the BlueSnarf and BlueBug attacks.
WVE-2005-0005: BlueSmack (Vulnerability)
Candidate
BlueSmack is a vulnerability in the L2CAP layer of some Bluetooth devices that results in a Denial of Service.
WVE-2005-0006: BlueSnarf++ (Vulnerability)
Candidate
BlueSnarf++ is a variation on the BlueSnarf vulnerability. This vulnerability allows the attacker to fully browse the vulnerable device's filesystem and not only read, but write data to the device.
WVE-2005-0007: HeloMoto (Vulnerability)
Candidate
The HeloMoto vulnerability is a combination of the BlueBug and BlueSnarf attacks, yielding nearly full control of a vulnerable device. The vulnerability was first discovered in Motorola phones, hence its name.
WVE-2005-0008: 802.11 SSID Can be Spoofed (Vulnerability)
Candidate
The SSID used to identify an 802.11 network can be trivially faked by an attacker. Since the SSID is displayed to the user by most 802.11 clients and used to choose which network to connect to, a spoofed SSID can be used to trick a client into connecting to the wrong AP.
WVE-2005-0009: Static Bluetooth PIN codes (Vulnerability)
Candidate
Bluetooth devices that have no means for PIN code input come with a hard-coded PIN to use when pairing with another device.
WVE-2005-0010: Blueprint (Exploit)
Candidate
Blueprint is a tool that can be used to identify the make and model of a particular Bluetooth device remotely.
