« March 2005 | Main | May 2005 »

April 27, 2005

Speaking at LAYERone

I just got back from presenting our full disclosure talk at LAYERone in Pasadena, USA. This is a very nice area, and very different from the rest of LA - you can actually walk the streets, and the bars have good beer! :) Slides will appear on the LAYERone site shortly.

New in the talk were Mode3 Abuse attack and Bluepot - Martin's new honeypot project for J2ME. Project pages coming soon...

I also announced that I will release the original 'bluesnarf' script for FreeBSD, and HeloMoto code for Linux, as the industry has now had more than enough time to deal with this. I will post here as soon as the download pages are ready.

Posted by Adam Laurie at 10:34 AM | Comments (0)

April 20, 2005

Blooover on the Sony Ericsson P900

Whilst I was away, I had time to figure out why I couldn't get Blooover to install on my P900. It turns out to be a trust thing - it wouldn't allow me to install if I downloaded it directly to the phone, but if I installed from a PC using the cradle it went in fine, after warning the the author was unkown (well, would *you* trust the trifinite.group???) :P

However, even though it would now run, it was unable to see any Bluetooth devices. Upgrading the firmware on the P900 fixed it, and it now works fine, although it doesn't always work against devices I know to be vulnerable... We need to get Martin a P900 so he can fix it, so if you have one spare please get in touch!

Posted by Adam Laurie at 04:30 PM | Comments (0)

Bluetooth SIG All Hands Meeting

Just got back from Lisbon, where I participated in the security panel discussion at the All Hands meeting. Also on the panel was Mikko Hypponen of F-Secure, (the guy in the blue shirt in the middle of the picture) who then gave a fascinating talk on mobile viruses, including many new ones that are now using Bluetooth to propagate (over 20 of them!). The link above is to his blog, which is worth watching as it is run by the F-Secure tekkies, and they post new attacks and technical details to it as soon as they learn of them.

Posted by Adam Laurie at 04:11 PM | Comments (0)

April 19, 2005

New BluePrint Tool

Thanks to Collin and all the people contributing (by sending in their device's sdpbrowse records) a new version of the BluePrint tool is available from the trifinite.downloads section.. The new version of the tool that implements the Blueprinting Technology is able to identify about 45 different devices by their Bluetooth fingerprint.

If you have a new device equipped with Bluetooth wireless technology and you want to contribute, please don't hesitate to send us the information described in the README file included in the Blueprint zip-file.

Again, many thanks to all the people that already contributed.

Posted by Martin Herfurt at 10:30 AM | Comments (0)

Details of new Attacks

Since we were presenting new Bluetooth attacks at the BlackHat in Amsterdam, we finally put the more detailed descriptions of the attacks into the trifinite.stuff section. The attacks added are the following:

BlueSnarf - just for completeness ... not that it was a new attack :)
BlueSnarf++ - an attack that has been firstly presented at BlackHat... Taking the BlueSnarf to the next level.
HeloMoto - on how to take control over some Motorola phones
BlueBump - an attack to force an entry into the list of trusted devices

In case of questions, you may contact the people linked at the bottom of the respective page.

Posted by Martin Herfurt at 09:14 AM | Comments (0)

April 03, 2005

BlackHat Europe 2005

In the end of last week, the Black Hat Europe 2005 Briefings took place in Amsterdam, Netherlands.Adam, Marcel and I also had a talk there. The slides of this talk can be downloaded from the trifinite.downloads page.
As usual there were a lot of parties besides the official part of that event. There are loads of pictures from the parties that we participated. There is also a lot of pictures to be posted on Grifter's page.
There is even more pictures on J0hnny L0ng's page.

Posted by Martin Herfurt at 05:04 PM | Comments (0)