Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Bluetooth related security problem with Motorola E398 GSM phone
From: Thierry Zoller <Thierry () sniff-em com>
Date: Sat, 7 May 2005 15:21:30 +0200

Dear Tonu Samuel,

This is expected behaviour and refered to as the "Backdoor" attack,
once you have an existing pair (Backdoor) you can connect to it without
further warning message (again depends on  implementation).

So yes as far as I am concerned there is not much to fix here, except
perhaps to display a warning message DEVICE XY connects (YES NO) even
when paired.

BTW, Similar problems are in SonyEricsson.
Type? Lots of (older) Ericcson phones are known to be epxloitable.
(T68, 680 etc), this is documented on the bunker.net site.

TS> I got Motorola E398 phone and was trying all known bluetooth exploits on it.
TS> None of them worked (which is good of course). But meanwhile I got some ideas
TS> and after some modifications to existing exploits I found a way to fool my
TS> phone. This is not a very brilliant exploit, so I can post full disclosure
TS> here but would be nice if someone can forward it to right people in Motorola.

Thierry Zoller
mailto:Thierry () sniff-em com

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]