http://trifinite.org/blog/ The trifinite.blog is a weblog that is maintained by the trifinite.group. Every now and then you will find new entries here. You can add this weblog to your RSS-Feed reader by importing this URI.

]]> 2008-10-13T12:49:53+00:00 http://trifinite.org/blog/archives/2008/10/slides_for_expl.html Here are the slides for my BlackHat Japan talk Exploiting Symbian. This work was done as part of my research at Fraunhofer SIT. If you have any questions please contact me through my website at Fraunhofer SIT. Yet another mobile phone OS that can be exploited.... Collin Mulliner 2008-10-13T12:49:53+00:00 http://trifinite.org/blog/archives/2008/09/a_little_web_th.html We at trifinite love mobile devices so we try to get our hands on every possible device. Although we are not really known for doing web stuff (besides our small site you're looking at right now) we dig it. Long story short: there is a SEO (search engine optimization) contest going on in Germany right now. The prize for the winner will be an iPhone 3G - something we really like to play with. The term that is to be optimized is Befreiphone. The contest is going on until 17th of September (10pm GMT+1). Lets see what the Bluetooth guys... Collin Mulliner 2008-09-10T12:42:37+00:00 http://trifinite.org/blog/archives/2008/05/attacking_nfc_m.html Near Field Communication (NFC) is supposed to be the next big thing in mobile phones therefore trifinite feels obligated to take a first look at NFC. The talk was given last week at EUSecWest in London, UK. Slides and information material are now online. Slides: Attacking NFC mobile phones Material at: www.mulliner.org/nfc... Collin Mulliner 2008-05-27T18:05:37+00:00 http://trifinite.org/blog/archives/2007/01/hid_attack.html I almost forgot about this... HID Attack is about attacking the Bluetooth Human Interface Device application. The software that runs on the desktop PC that communicates with a Bluetooth keyboard, mouse and joystick. The described attack hijacks the bluetooth keyboard driver on the dektop computer to inject arbitrary keypress sequences. Full details here: HID Attack Website Download the Proof-of-Concept here: HID Attack... Collin Mulliner 2007-01-24T19:02:03+00:00 http://trifinite.org/blog/archives/2006/10/bluetooth_trade_1.html Martin Herfurt 2006-10-30T23:15:49+00:00 http://trifinite.org/blog/archives/2006/08/slides_for_pock.html Yet another non-Bluetooth topic... Here are the slides from my defcon-14 talk about MMS-based (Multimedia Messaging Service) attacks against PocketPC phones. The slides are available here and the WiFi proof-of-concept DoS tool can be downloaded here.... Collin Mulliner 2006-08-08T03:20:06+00:00 http://trifinite.org/blog/archives/2006/06/toshiba_securit.html I have just been informed by Toshiba that there is a new security update (PC Bluetooth Stack Service Pack 2) that also installs on non-Toshiba PCs. It is available for download at http://aps.toshiba-tro.de/bluetooth/.... Martin Herfurt 2006-06-30T17:14:23+00:00 http://trifinite.org/blog/archives/2006/06/update_tosiba_a.html I have just been informed that TOSHIBA published a stable version of the stack. You find it here for download: aps.toshiba-tro.de/bluetooth Go for the latest Version (4.00.36) and your problems should be solved. Special Thanks to Toshiba for letting me know about this.... Martin Herfurt 2006-06-21T17:43:21+00:00 http://trifinite.org/blog/archives/2006/06/dellicate_issue_1.html Earlier this year, members of the trifinite.group discovered an issue with the Toshiba Windows Bluetooth Stack. Strangers can remotely cause a system exception on Windows hosts when they know the address of the internal Bluetooth device of this machine by sending large l2cap echo requests to it (see BlueSmack attack). Toshiba has been informed about this issue in the middle of February 2006 already but didn't manage to fix the problem. Since Toshiba has been informed once more in April 2006 and the issue still is within the product, we finally decided to publish an advisory addressing the problem so... Martin Herfurt 2006-06-21T08:15:37+00:00 http://trifinite.org/blog/archives/2006/04/what_a_march.html During the last month there have been quite a few events. In the beginning of March, there was the BlackHat Europe in Amsterdam. The list of speakers was quite prominent. Before BlackHat started, I also met Dragos who was on holiday together with the organizing team of the EUSecWest that just took place a week before in London. A week later, I was invited to speak at a very small, but very nice event in Coimbra, Portugal. This event was called 'Wireless Meeting 2006 (WiMe2006)' and already took place once before in 2005. I was very pleased by the student... Martin Herfurt 2006-04-02T02:04:48+00:00 http://trifinite.org/blog/archives/2006/03/bluetooth_secur_1.html Everyone who is interested in participating a Bluetooth Security workshop could still sign up for the upcoming Bluetooth Technology Security Dojo at CanSecWest in the beginning of April. We would be happy to meet you there :)... Martin Herfurt 2006-03-28T00:23:17+00:00 http://trifinite.org/blog/archives/2006/02/inqtana_bluetoo.html Trifinite.group member Kevin has published a paper detailing the techniques he used in the development of the InqTana Bluetooth worm that targets vulnerable Mac OS X systems. There has been significant confusion surrounding this worm, so here are some salient points: The concurrent release of the OS X Leap.A and InqTana.A worms is coincidental There is no conspiracy, AV vendors and Apple were notified about Kevin's progress in developing this worm in advance of making details publicly available Both 10.3 and 10.4 systems are vulnerable until patched with APPLE-SA-2005-05-03 and APPLE-SA-2005-06-08 InqTana prompts before infecting *by design*, Kevin was just... trifinite.misc Joshua Wright 2006-02-23T13:11:56+00:00 http://trifinite.org/blog/archives/2006/02/new_trifinitego_1.html Last week, Joshua Wright joined the trifinite.group. Josh brings in a lot of experience with Wi-Fi technology and showed to have the right thinking-patterns for being part of the group :) Check out Joshua's page for details.... trifinite.group Martin Herfurt 2006-02-08T20:50:23+00:00 http://trifinite.org/blog/archives/2006/02/bluetooth_secur.html Adam, Marcel and I will hold a Bluetooth Security workshop on 17th of February in London. So if you are interested in participating make sure to register.... trifinite.stuff Martin Herfurt 2006-02-04T18:57:54+00:00 http://trifinite.org/blog/archives/2006/01/new_trifinitegr_1.html We are happy to welcome Kevin Finisterre from digitalmunition.com to the trifinite.group. Kevin is doing a lot of interesting Bluetooth-related work. This is why Kevin fits in perfectly. Check out Kevin's new member page.... trifinite.group Martin Herfurt 2006-01-16T13:38:16+00:00