WVE ID: WVE-2005-0011
Type: Exploit
Status: Candidate
Classification: Other
Description:
BT Audit is a suite of tools used to scan L2CAP PSMs and RFCOMM channels on a remote Bluetooth device.
Discussion:
BT Audit is used for scanning L2CAP PSMs (Protocol Service Multiplexers) and RFCOMM channels. It can be thought of as the Bluetooth equivalent of a TCP/UDP port scanner. The tool is useful for discovering PSMs or RFCOMM channels that are open on a remote device but not advertised through SDP. For instance, the BlueBug vulnerability is exploited through a hidden RFCOMM channel.
The Bluetooth L2CAP layer makes use of PSMs to enable multiple connections to higher layers in the protocol stack. L2CAP PSMs are odd-numbered and range from 1 to 65535. The component of BT Audit responsible for scanning PSMs is psm_scan.
The RFCOMM layer provides RS232 serial emulation to Bluetooth devices and allows for up to 30 channels. rfcomm_scan is used for scanning these channels.
Credits
Author: Collin Mulliner (collin@trifinite.org), trifinite.org
References
URL: http://trifinite.org/trifinite_stuff_btaudit.html
Released: 2003-11-28
Submitter: Andrew Lockhart (alockhart@networkchemistry.com), Network Chemistry
Submitted: Wed Oct 19 14:17:07 -0700 2005
Candidate Date: Mon Oct 24 10:05:26 -0700 2005

