HeloMoto
The HeloMoto attack has been discovered by Adam
Laurie and is a combination of the BlueSnarf
attack and the BlueBug
attack. The attack is called HeloMoto, since it was discovered
on Motorola phones.
Method
The HeloMoto attack takes advantage of the incorrect implementation
of the 'trusted device' handling on some Motorola devices. The
attacker initiates a connection to the unathenticated OBEX Push
Profile pretending to send a vCard. The attacker interrupts the
sending process and without interaction the attacker's device is
stored in the 'list of trusted devices' on the victim's phone.
With an entry in that list, the attacker is able to connect to
the headset profile without authentication. Once connected to this
service, the attacker is able to take control of the device by
means of AT-commands (as BlueBug).
Download
People Involved
For questions about the HeloMoto attack, feel free to ask Adam
Laurie.
|