Bluetooth Hacking – Full Disclosure @ 21C3

Hacking Bluetooth enabled mobile phones and beyond – Full Disclosure

21C3: The Usual Suspects
21st Chaos Communication Congress
December … … to 29th, 2004
Berliner Congress Center, Berlin, Germany

Adam Laurie
Marcel Holtmann
Martin Herfurt

Who we are

• Adam Laurie
  – CSO of The Bunker Secure Hosting Ltd.
  – Co-Maintainer of Apache-SSL
  – DEFCON Staff/Organiser
• Marcel Holtmann
  – Maintainer and core developer of the Linux Bluetooth

History (4)

• Blue bugging
  – First publicised by Martin Herfurt, March 2004
    • CeBIT Hanover
  – Create unauthorised connection to serial profile
  – Full access to AT command set
  – Read/Write access to SMS store
  – Read/Write access to Phone Book

History (5)

• Full Disclosure after 13 months
  – More time for manufacturers to fix
    • Embedded devices
    • New process for telecom industry
  – Nokia claims to have fixed all vulnerable devices
    • Firmware updates available
    • 6310i tested OK
  – Motorola committed to fix known vulnerabilities
  – Sony Ericsson publicly stated “all problems fixed”

Bluetooth Technology

• Data and voice transmission
• ACL data connections
• SCO and eSCO voice channels
• Symmetric and asymmetric connections
• Frequency hopping
• ISM band at 2.4 GHz
• 79 channels
• 1600 hops per second
• Multi-Slot packets

Bluetooth Piconet

• Bluetooth devices create a piconet
• One master per piconet
• Up to seven active slaves
• Over 200 passive members are possible
• Master sets the hopping sequence
• Transfer rates of 721 Kbit/sec
• Bluetooth 1.2 and EDR (aka 2.0)
• Adaptive Frequency Hopping
• Transfer rates up to 2.1 Mbit/sec
…