HeloMoto

Apr 2005

1 min read

Bluetooth Classic Security Vulnerability Privilege Escalation

bluetooth classic security vulnerability privilege escalation

The HeloMoto attack has been discovered by Adam Laurie and is a combination of the BlueSnarf attack and the BlueBug attack. The attack is called HeloMoto, since it was discovered on Motorola phones.

Method

The HeloMoto attack takes advantage of the incorrect implementation of the ‘trusted device’ handling on some Motorola devices. The attacker initiates a connection to the unathenticated OBEX Push Profile pretending to send a vCard. The attacker interrupts the sending process and without interaction the attacker’s device is stored in the ‘list of trusted devices’ on the victim’s phone. With an entry in that list, the attacker is able to connect to the headset profile without authentication. Once connected to this service, the attacker is able to take control of the device by means of AT-commands (as BlueBug).

Download

HeloMoto-Maemo - HeloMoto tool compiled to be used on a Nokia 770 Tablet PC
(written for for Linux using BlueZ)
by Adam Laurie
Download helomoto-maemo.tgz

HeloMoto - tool to extract personal information from early Motorola V-Series
(written for for Linux using BlueZ)
by Adam Laurie
Download helomoto.tgz

People Involved

For questions about the HeloMoto attack, feel free to ask Adam Laurie.

Adam Laurie is Chief Security Officer and a Director of The Bunker Secure Hosting Ltd. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, Dos and CP/M based micro computers as they emerged in the Eighties.