Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Bluetooth Activesync - requesting test
From: "Greg" <full-disclosure2 () pchandyman com au>
Date: Thu, 9 Feb 2006 14:17:10 +1100

OK this sounds screwy but if someone has the equipment, can you test and let
us all know please?

A PDA I was working on that had to be Activesync'd to one computer had the
PDA name "John" rather than the standard name that comes with the PDA.
Another PDA was already working Activesync. Both were over bluetooth
encrypted. The other one was named "Cheryl" just for info's sake. 

Anyway, "John" was a new PDA of exactly the same make and model as "Cheryl"
(Mortein syndrome) but what I didn't know and didn't look for, initially,
was that the computer had been set up by someone else to ONLY allow
connections from "Cheryl" and no other device and it was set in "non
discovery" mode, that is, no other bluetooth device supposed to be able to
find it. When I set John up, it autosync'd for 24 hours and stopped syncing
again. I went back and did a thorough look and found that "Cheryl" was the
only one allowed to connect bluetooth to the computer but "John" had,

So this makes me wonder - and this is what I am asking help with - is it
possible that bluetooth pairing, connection in total and autosync are all at
risk if the same model PDA is used even though they are set up with
different PDA names and even if settings are correct and are NOT supposed to
allow connection from anything else? If it is, this is a worry.

Of course, the alternative is that I stuffed something up, I know but for
the life of me, I cant see what it is. If data is encrypted and only paired
devices that are NAMED are allowed to connect, I would have thought that
meant I shouldn't have been able to set the other PDA up but I did. 

Thanks for any info/help.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]