WVE ID: WVE-2005-0002
Type: Vulnerability
Status: Candidate
Classification:
Authentication Management
Hijacking
Information Disclosure
Description:
BlueBug is the name given to a vulnerability found on certain Bluetooth-enabled Nokia, Sony Ericsson, and Motorola phones that allows an attacker to establish a serial connection to the phone without authenticating. Through AT commands issued over that connection, an attacker can take nearly full control of the phone.
Discussion:
At the heart of the BlueBug vulnerability is the existence of hidden RFCOMM channels that are not advertised through SDP (Service Discovery Protocol) on certain phone models from Nokia, Sony Ericsson, and Motorola. Not only are these RFCOMM channels hidden, but they also allow a connection to be established without any authentication whatsoever. Thus an attacker can covertly connect to a vulnerable device without a PIN code having to be entered on the device being attacked.
Once an attacker has connected, they then have the full range of AT commands available to them to manipulate the phone. This may let the attacker initiate phone calls, send and read SMS messages, read and write phonebook entries, change call-forwarding settings, connect to the Internet, or select a different cellular network.
The available AT commands vary from phone to phone, so this list of possibilities should be considered the minimum of what an attacker can control. Phone models known to be vulnerable at this time include the Sony Ericsson T610 and T86i; Nokia 6310, 6310i, 8910 and 8910i; and Motorola V80 and V600.
Credits
Author: Martin Herfurt (martin@trifinite.org), trifinite.org
References
URL: http://trifinite.org/trifinite_stuff_bluebug.html
Released: 2004-03-30
Submitter
Andrew Lockhart (alockhart@networkchemistry.com), Network Chemistry
Submitted: Mon Oct 24 09:54:13 -0700 2005
Candidate Date: Thu Oct 06 14:31:50 -0700 2005

