BlueSnarf Revisited: OBEX FTP Service Directory Traversal

  • Alberto Moreno
  • Eiji Okamoto
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6827)

Abstract

As mobile operating systems reach the same level of complexity as computer operating systems, they may be affected by the same vulnerabilities and subject to the same kinds of attacks. Bluetooth provides connectivity to a mobile phone, but this network can also be used as a channel to deploy attacks and access the phone's resources, such as personal information, confidential files, or the ability to make phone calls and consume the user's balance. When the first attacks on early Bluetooth mobile phones emerged, manufacturers were forced to raise awareness about Bluetooth and improve the security of the implementation. In spite of these improvements, we introduce a multi-platform vulnerability for mobile phones that allows a remote attacker to list arbitrary directories, and read and write arbitrary files, via Bluetooth. Our experience shows that the attack can be performed in a real environment and may lead to data theft.

Keywords

Bluetooth, mobile phones, exploit, data theft

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Alberto Moreno (1)
  • Eiji Okamoto (1)
  1. Laboratory of Cryptography and Information Security, University of Tsukuba, Tsukuba, Japan
