Menu

Database

Bloover

WVE ID: WVE-2005-0004

Type: Exploit

Status: Candidate

Classification:
Authentication Management
Hijacking
Information Disclosure

Description:
Blooover is a proof-of-concept tool that can be used to exploit cellular phones that are vulnerable to the BlueSnarf and BlueBug attacks.

Discussion:
Bloover is a tool intended for auditing devices for BlueSnarf and BlueBug vulnerabilities. It's unique feature is that it is implemented using the J2ME specification for mobile devices allowing the tool to run on any device supporting the J2ME MIDP 2.0 VM and the JSR-82 Bluetooth API. This allows one to inconspicuously scan for vulnerable devices without drawing the attention of others by carrying a laptop.

As this is intended to be an auditing tool, some functionality has been disabled. For instance, the tool does not allow the sending of SMS messages and making toll calls through a vulnerable device.

Credits
Author: Martin Herfurt (martin@trifinite.org) : trifinite.org

References
URL: http://trifinite.org/trifinite_stuff_blooover.html

Released: 2005-03-07

Submitter
Andrew Lockhart (alockhart@networkchemistry.com) : Network Chemistry

Submitted: Mon Oct 24 09:54:47 -0700 2005

Candidate Date: Thu Oct 06 14:04:13 -0700 2005


Recent Entries

Weaknesses in the A5/1 Cipher
WVE-2008-0007 4/9/2008
Block ACK DoS
WVE-2008-0006 4/9/2008
GF Mode WIDS Rogue AP Evasion
WVE-2008-0005 4/9/2008
HT Intolerant Degradation of Service
WVE-2008-0004 4/9/2008
Sidejacking
WVE-2008-0003 4/2/2008
ZiPhone
WVE-2008-0002 4/2/2008
RADIUS Key Delivery Exposure
WVE-2008-0001 3/21/2008
BackTrack
WVE-2007-0020 11/19/2007
Airoscript
WVE-2007-0019 11/19/2007
airoway.sh
WVE-2007-0018 11/19/2007
More Entries...

News

SANS Institute Sponsors WVE
4/19/2008
Wireless Attackers and Honeypot Technology
4/15/2008
High Speed Risks in 802.11n Slides Posted
4/11/2008
Vulnerabilities in 802.11n
4/9/2008
WVE Editors Speaking at SHARKFEST.08
1/3/2008
More News...