Multiple Vendor Bluetooth Device Unauthorized Serial Command Access Vulnerability
BID:12166
Info
Multiple Vendor Bluetooth Device Unauthorized Serial Command Access Vulnerability
| Bugtraq ID: | 12166 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 04 2005 12:00AM |
| Updated: | Jan 04 2005 12:00AM |
| Credit: | This vulnerability was discovered by Adam Laurie <[email protected]>. |
| Vulnerable: |
Nokia Nokia 6310i Motorola V80 Motorola V600 Ericsson Ericsson T610 |
| Not Vulnerable: | |
Discussion
Multiple Vendor Bluetooth Device Unauthorized Serial Command Access Vulnerability
Multiple vendors of Bluetooth devices are reported susceptible to an unauthorized access vulnerability.
This vulnerability allows remote users to utilize the mobile device to act as a modem. Once connected, remote users may exploit the simulated modem to initiate calls, download potentially sensitive information from the mobile device, monitor conversations, divert calls, or connect to data services such as the Internet. Other attacks are also likely possible.
It should be noted that this vulnerability is likely present in the application layer, and not in the actual Bluetooth protocol layer.
Multiple vendors of Bluetooth devices are reported susceptible to an unauthorized access vulnerability.
This vulnerability allows remote users to utilize the mobile device to act as a modem. Once connected, remote users may exploit the simulated modem to initiate calls, download potentially sensitive information from the mobile device, monitor conversations, divert calls, or connect to data services such as the Internet. Other attacks are also likely possible.
It should be noted that this vulnerability is likely present in the application layer, and not in the actual Bluetooth protocol layer.
Exploit / POC
Multiple Vendor Bluetooth Device Unauthorized Serial Command Access Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Multiple Vendor Bluetooth Device Unauthorized Serial Command Access Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Multiple Vendor Bluetooth Device Unauthorized Serial Command Access Vulnerability
References:
References:
- BlueBug (trifinite.org)
- Serious flaws in bluetooth security lead to disclosure of personal data (The Bunker)