« August 2004 | Main | October 2004 »

September 26, 2004

BT Audit

Added BT Audit my Bluetooth port scanner suite to our list of tools.

Posted by Collin Mulliner at 11:20 PM | Comments (0)

September 23, 2004

New trifinite.groupmembers

The two Bluetooth experts Adam Laurie and Marcel Holtmann joined the trifinite.group... which is good.

Posted by Martin Herfurt at 05:56 PM | Comments (0)

September 19, 2004

Project page on Blooover

Blooover is the MIDP application I wrote about in the "Further Work" section of the BlueBug CeBit field-trial report. This has also been the reason why I bought myself a Nokia 6600 phone that runs J2ME MIDP 2.0 with an implementation of the JSR-82 Bluetooth API. The Nokia is not vulnerable to any known bluetooth attack (by now) but crashes every now and then (also without having to touch it :). Recently, I downloaded a copy of the J2ME Wireless Toolkit Version 2.2 that is capable of providing access to emulated bluetooth devices. This makes debugging a little easier. But what really is annoying, is that the WTK 2.2 only runs on Windoze by now. Hopefully, there will be a version available for Linux operating systems as well. Cannot be soon enough :)

Posted by Martin Herfurt at 05:46 AM | Comments (0)

Project page on Blueprinting

Collin and I began working together on a project called Blueprinting. The idea behind Blueprinting is to determine manufacturer and model of active bluetooth-enabled devices remotely.
There is a prototype script already, but there is still some work needed. Actually, there is some ambiguity for certain models. Obviously, different Series60 phones from Nokia use the same firmware. At least our hashing produces the same fingerprint... (one case we get the same fingerprint is a certain version of the Nokia 3650 and a version of the Nokia N-Gage)

Posted by Martin Herfurt at 05:38 AM | Comments (0)

Project page on Bluetooone

Today, I got all the things together and put up a page with instructions on how to modify a Linksys Bluetooth USB adaptor in order to connect a directional antenna. The guys from pentest did that last year already for an MSI dongle... but this seems to be a little more complicated than modifying a Linksys dongle (which already has an external antenna).
A modified Linksys dongle is not so new. Actually, we used a modified Linksys dongle as we did the Long-Distane-Snarf in Santa Monica. I think the one we used there has been put together by Mike Outmesguine. But I am not sure on this. It could also have been done by the flexilis guys.

Posted by Martin Herfurt at 05:07 AM | Comments (0)

September 17, 2004

Story on Long Distance Snarf aired on g4TechTV

Yesterday, the story about the long distance bluetooth expetriment that has been filmed at the Santa Monica Peer last month was broadcasted in the "The Screen Savers" show, yesterday.

Posted by Martin Herfurt at 02:37 PM | Comments (0)

September 07, 2004

Nokia announced firmware fix... finally

After all the details about the bluetooth issues with Nokia cell phones were communicated and presented during the last year, Nokia finally announced a firmware security patch that solved the issues that could be exploited the BlueSnarf and the BlueBug attack.
You can find the details about the firmware upgrade here. As owner of one of the vulnerable handsets that frequently uses bluetooth, you definitely should flash the new software on your phone as soon as possible. You can do that either by
After all, Nokia reacted to the

Posted by Martin Herfurt at 02:44 PM | Comments (0)

September 04, 2004

OpenGroupware.org @ trifinite

Today, I installed OpenGroupware on the trifinite.server. This was rather hard, since it is rather bloaty and complex. It took me quite a while to figure out how this is supposed to work.

Posted by Martin Herfurt at 03:51 AM | Comments (0)