Saturday, September 29, 2007

Bluetooth - The Weakest Link

Security researchers' attention has turned to the Bluetooth bug in the iPhone. On Friday, Symantec's DeepSight threat network team pointed out the vulnerability in an advisory to customers.

According to the security team, the Bluetooth flaw occurs when malicious SDP (Service Discovery Protocol) packets are handled. Thus, any attacker within Bluetooth range can exploit the vulnerability remotely and execute arbitrary code on the device.

To exploit the iPhone Bluetooth vulnerability, the Bluetooth MAC address must be known. With the iPhone, however, this is extremely easy: the iPhone's Bluetooth MAC address is always one less than the Wi-Fi interface's MAC address. So, a standard Wi-Fi sniffer does the job here.

According to Apple's security advisory, the Bluetooth vulnerability was discovered and reported by Kevin Mahaffey and John Hering of Flexilis Inc., a Los Angeles-based company that specializes in mobile security development and consulting.

Most people do not take Bluetooth vulnerabilities seriously. This can be attributed to the belief that Bluetooth is not a long-range wireless technology. However, the possible working range of Bluetooth is far longer than most people believe. With specialized antennas it is possible to achieve 200-300 meters, sometimes even more.
