BlueSnarf

WVE ID: WVE-2005-0003

Type: Vulnerability

Status: Candidate

Classification:
Authentication Management
Information Disclosure

Description:
The BlueSnarf vulnerability allows an attacker to covertly retrieve information from certain models of Bluetooth enabled cellular phones via the OBEX protocol.

Discussion:
The BlueSnarf vulnerability is a flaw in the implementation of the OBEX Push service in certain Bluetooth devices. The OBEX Push service provides for the easy exchange of information and is very much like a binary version of the File Transfer Protocol (FTP). Devices that implement the protocol through an OBEX Push daemon do not allow file browsing, so an attacker is limited to retrieving files whose names are already known. However, many of the file names used to store information on cell phones are standardized and defined by the IrMC (Infrared Mobile Communications) specification (e.g., the phonebook filename is 'telecom/pb.vcf', the calendar is 'telecom/cal.vcs', etc.), so this limitation will not present an obstacle to an attacker.

Information that can be retrieved via this method includes, but is not limited to, phonebook and calendar entries, phone clock settings, the business card, configuration settings, and the phone's IMEI (International Mobile Equipment Identity).

The information contained in such entries can be used for social engineering and, at worst (in the case of the IMEI), cellular phone cloning.

Phones that are known to be vulnerable at this time are Sony/Ericsson T39m, T68, R520m, T68i, T610, Z1010, and Z600; and Nokia 6310, 6310i, 8910, and 8910i.
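
An added example, not part of the WVE entry or of trifinite's tools: a minimal OBEX request parser that a defender could use in a service test or protocol monitor to flag the pattern described in the discussion, a GET that names an IrMC object on a service meant to accept pushes. The opcode and header encodings follow the IrOBEX specification; the function names and the sample packets are constructed for illustration.

```python
import struct

# OBEX request opcodes (IrOBEX spec); the 0x80 bit is the "final" flag.
OPCODES = {0x00: "CONNECT", 0x01: "DISCONNECT", 0x02: "PUT", 0x03: "GET", 0x05: "SETPATH"}
FIXED = {"CONNECT": 4, "SETPATH": 2}  # fixed bytes between length field and headers
HDR_NAME = 0x01  # Name header: UTF-16BE text, null-terminated
# IrMC object store prefix named in the entry (telecom/pb.vcf, telecom/cal.vcs)
IRMC_PREFIX = "telecom/"


def parse_request(pkt: bytes) -> dict:
    """Parse one OBEX request packet into its opcode name and Name header."""
    if len(pkt) < 3:
        raise ValueError("short OBEX packet")
    opcode, length = struct.unpack(">BH", pkt[:3])
    if length != len(pkt):
        raise ValueError("length field does not match packet size")
    op = OPCODES.get(opcode & 0x7F, hex(opcode))
    pos = 3 + FIXED.get(op, 0)
    name = None
    while pos < len(pkt):
        hid = pkt[pos]
        kind = hid >> 6  # top two bits select the header encoding
        if kind in (0, 1):  # length-prefixed text or byte sequence
            if pos + 3 > len(pkt):
                raise ValueError("truncated header")
            (hlen,) = struct.unpack(">H", pkt[pos + 1:pos + 3])
            if hlen < 3 or pos + hlen > len(pkt):
                raise ValueError("bad header length")
            if hid == HDR_NAME:
                name = pkt[pos + 3:pos + hlen].decode("utf-16-be").rstrip("\x00")
            pos += hlen
        else:  # fixed-size value: 1 byte (kind 2) or 4 bytes (kind 3)
            pos += 2 if kind == 2 else 5
    return {"op": op, "name": name}


def is_bluesnarf_pattern(pkt: bytes) -> bool:
    """True for a GET naming an IrMC object, which a push-only service should refuse."""
    req = parse_request(pkt)
    name = (req["name"] or "").replace("\\", "/").lower()
    return req["op"] == "GET" and name.startswith(IRMC_PREFIX)


def build_request(opcode: int, name: str) -> bytes:
    """Construct a sample request packet (constructed test data, not a capture)."""
    text = (name + "\x00").encode("utf-16-be")
    hdr = struct.pack(">BH", HDR_NAME, 3 + len(text)) + text
    return struct.pack(">BH", opcode, 3 + len(hdr)) + hdr
```

A push of a business card (`build_request(0x82, "card.vcf")`) passes the check, while a GET for `telecom/pb.vcf` is flagged.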

Credits
Author: Marcel Holtmann (marcel@trifinite.org) : trifinite.org
Author: Adam Laurie (adam@trifinite.org) : trifinite.org

References
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031111/fc473484/blu-0001.txt
URL: http://trifinite.org/trifinite_stuff_bluesnarf.html

Released: 2003-11-11

Submitter
Andrew Lockhart (alockhart@networkchemistry.com) : Network Chemistry

Submitted: Mon Oct 24 09:54:13 -0700 2005

Candidate Date: Thu Oct 06 14:35:58 -0700 2005
