|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[ISN] Bluetooth cracking tools released
From: InfoSec News (alerts
infosecnews.org)
Date: Fri Jan 05 2007 - 00:39:28 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://www.techworld.com/security/news/index.cfm?newsID=7706
By Matthew Broersma
Techworld
04 January 2007
German programmers have released two tools aimed at compromising
Bluetooth devices, including PCs, at the Chaos Communications Congress
in Berlin.
Enterprises generally ignore Bluetooth from a security point of view,
but should be aware that there are fundamental security weaknesses in
the wireless specification, according to Thierry Zoller, who introduced
the tools at the conference on Friday.
Zoller, a security consultant, developed BTCrack [1], an implementation
of a flaw disclosed in 2005 by Israeli security researchers. The tool
takes advantage of weak PINs in Bluetooth devices, allowing an attacker
to listen in on a pairing session and gain access to both paired
devices.
HID Attack [2] is a proof-of-concept exploit for hijacking a Bluetooth
keyboard using the Human Interface Device (HID) standard. The attack
could allow access to sensitive systems, according to developer Collin
Mulliner, who said he came across the problem by accident while
developing a software keyboard.
"The threat potential is high, it basically is like getting physical
access to the target system," Mulliner said in a paper released in
connection with Zoller's talk.
However, several practical obstacles mean that carrying out an attack is
difficult, he acknowledged. Not all HID hosts implement server mode,
which is necessary for the attack, and the fact that the screen might
not be visible adds more complications.
And there's the main issue limiting all Bluetooth attacks - that they
must be carried out at close range.
However, the BTCrack and HID Attack show that such attacks are far from
theoretical, Zoller said in his talk.
[1] http://www.nruns.com/security_tools.php
[2] http://mulliner.org/bluetooth/hidattack.php
_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]