Menu

Database

Redfang

WVE ID: WVE-2005-0041

Type: Exploit

Status: Candidate

Classification:
Other

Description:
Redfang is a tool that brute-forces Bluetooth BD addresses in order to communicate with devices in non-discoverable mode.

Discussion:
RedFang accomplishes this by iterating through a user supplied range of device addresses and attempting to do a read_remote_name() on each one. If an address belongs to a Bluetooth device in the area, then the read_remote_name() call will return the device's name. A malicious person can then use this information to attack the device even if it's non-discoverable.

To speed up the process, Redfang supports the user of multiple Bluetooth adapters to scan the supplied address range. Each adapter then scans disjoint portions of the address range.

Credits
Author: Ollie Whitehouse (ollie@atstake.com) : @Stake

References
URL: http://www.net-security.org/software.php?id=519
URL: http://www.securiteam.com/tools/5JP0I1FAAE.html

Released: 2003-06-15

Submitter
Andrew Lockhart (alockhart@networkchemistry.com) : Network Chemistry

Submitted: Thu Nov 17 11:36:39 -0800 2005

Candidate Date: Thu Nov 17 11:41:04 -0800 2005


Recent Entries

TKIP Replay and Plaintext Discovery
WVE-2008-0013 11/18/2008
Active Https Cookie Hijacking
WVE-2008-0012 9/18/2008
Auto Immune Attack
WVE-2008-0011 9/17/2008
Marvell Null SSID Association Request
WVE-2008-0010 9/15/2008
Marvell EAPOL-Key Length Overflow
WVE-2008-0009 9/15/2008
Atheros IE Tag Overflow
WVE-2008-0008 9/15/2008
Weaknesses in the A5/1 Cipher
WVE-2008-0007 4/9/2008
Block ACK DoS
WVE-2008-0006 4/9/2008
GF Mode WIDS Rogue AP Evasion
WVE-2008-0005 4/9/2008
HT Intolerant Degradation of Service
WVE-2008-0004 4/9/2008
More Entries...

News

SANS Institute Sponsors WVE
4/19/2008
Wireless Attackers and Honeypot Technology
4/15/2008
High Speed Risks in 802.11n Slides Posted
4/11/2008
Vulnerabilities in 802.11n
4/9/2008
WVE Editors Speaking at SHARKFEST.08
1/3/2008
More News...