The BlueSnarf attack is probably the most famous Bluetooth attack,
since it is the first major security issue related to Bluetooth
enabled devices. BlueSnarf has been identified by Marcel
Holtmann in September 2003. Independently, Adam
the same vulneralbility in November 2003 posted the issue on Bugtraq
got in touch with the respective device manufacturers.
In order to perfom a BlueSnarf attack, the attacker needs to connect
to the OBEX Push Profile (OPP), which has been specified for the
easy exchange of business cards and other objects. In most of the
cases, this service does not require authentication.
Missing authentication is not a problem for OBEX Push, as long
as everything is implemented correctly. The BlueSnarf attack connects
to an OBEX Push target and performs an OBEX GET request for known
filenames such as 'telecom/pb.vcf' for the devices phone book or
'telecom/cal.vcs' for the devices calendar file. (There are many
more names of files in the IrMC
Specification). In case of improper implementation of the device
firmware, an attacker is able to retrieve all files where the name
known or guessed correctly.
thebunker.net - Adam Laurie's page about the BlueSnarf attack
For questions about the BlueSnarf attack, feel free to ask Adam
Laurie or Marcel Holtmann.