Bugtraq: Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data

From: nosp <nosp () xades com>
Date: Fri, 14 Nov 2003 16:05:36 +0000

On Fri, 2003-11-14 at 10:21, Pentest Security Advisories wrote:
[...]

No, you didn't misread - The T610, whilst still vulnerable to some 
attacks, does provide more protection
of OBEX profiles. In this respect, it's better than the other phones / 
devices we've tested.

On the particular T610 that was tested, we found that whilst it was 
possible to upload files to the phone we could not download files from it.


It is very possible (and easy) to download (very) sensitive files from a
T610 as long as the MAC is known; no pairing necessary.  Firmware rev
R3C002.  Files include calendar and phonebook.

By Date By Thread

Current thread:

Re: Serious flaws in bluetooth security lead to disclosure of personal data Pentest Security Advisories (Nov 13)
- Re: Serious flaws in bluetooth security lead to disclosure of personal data Adam Laurie (Nov 14)
- Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data Jordan Wiens (Nov 14)
  - Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data Pentest Security Advisories (Nov 14)
    - Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data nosp (Nov 14)
- Re: Serious flaws in bluetooth security lead to disclosure of personal data Andreas Steinmetz (Nov 14)