WVE ID: WVE-2005-0041
Type: Exploit
Status: Candidate
Classification:
Other
Description:
Redfang is a tool that brute-forces Bluetooth BD addresses in order to communicate with devices in non-discoverable mode.
Discussion:
RedFang accomplishes this by iterating through a user supplied range of device addresses and attempting to do a read_remote_name() on each one. If an address belongs to a Bluetooth device in the area, then the read_remote_name() call will return the device's name. A malicious person can then use this information to attack the device even if it's non-discoverable.
To speed up the process, Redfang supports the user of multiple Bluetooth adapters to scan the supplied address range. Each adapter then scans disjoint portions of the address range.
Credits
Author:
Ollie
Whitehouse
(ollie@atstake.com)
: @Stake
References
URL:
http://www.net-security.org/software.php?id=519
URL:
http://www.securiteam.com/tools/5JP0I1FAAE.html
Released: 2003-06-15
Submitter
Andrew
Lockhart
(alockhart@networkchemistry.com)
: Network Chemistry
Submitted: Thu Nov 17 11:36:39 -0800 2005
Candidate Date: Thu Nov 17 11:41:04 -0800 2005

