Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts for April of 2006
Showing posts in English
Ollie Whitehouse | 01 May 2006 07:00:00 GMT | 0 comments

Recently the issue of Bluetooth security raised its head once again. For such a young protocol, Bluetooth has had one rough ride. This time, however, it was for two very separate reasons. The first was a protocol fuzzer (an automated test harness) for the L2CAP protocol that was released by Pierre Betouin [1] (I later helped out with the project adding certain functionality). The author of the tool used this to discover multiple unauthenticated denial of service conditions in common top-tier cellular handsets. (It has always amused me that we have to classify remote device crashes as denial of service only, as we simply don’t have the visibility into a lot of these proprietary devices in order to gain a full understanding as to the degree of exploitability.)

The second reason was the OSX.Inqtana.A worm[2][3]. What I found interesting about this was that it was the first worm to my knowledge that actually exploited a Bluetooth vulnerability to aid in its propagation....