Wireless Vulnerabilities & Exploits
Wireless Vulnerabilities & Exploits
WVE ID: WVE-2005-0012
Type: Exploit
Status: Candidate
Classification:
Authentication Management
Description:
The BlueBump attack involves pairing with another device for a simple service and then using that pairing to attack other services.
Discussion:
To perpetrate that attack the attacker gets the victim to accept a connection for a trivial data exchange such as receiving a business card, calendar entry, or picture.
After the data has been sent, the attacker still keeps the connection open. This enables the attacker to request a link key regeneration after the victim has deleted the pairing. After a new link key has been generated the attacker then has access to the victim's device at any time and has full access to any of the services provided by the victim's device.
Credits
Author:
Adam
Laurie
(adam@trifinite.org)
: trifinite.org
Author:
Marcel
Holtmann
(marcel@trifinite.org)
: trifinite.org
Author:
Martin
Herfurt
(martin@trifinite.org)
: trifinite.org
References
URL:
http://trifinite.org/trifinite_stuff_bluebump.html
Released: 2005-04-01
Submitter
Andrew
Lockhart
(alockhart@networkchemistry.com)
: Network Chemistry
Submitted: Wed Oct 19 15:42:15 -0700 2005
Candidate Date: Mon Oct 24 10:06:40 -0700 2005
