Saturday, November 17, 2007

The Technicalities that allowed Bluesnarfing

Adam Laurie From A.L. Digital Ltd found 2 flaws in bluetooth data transfer in 2003 .
The 2 flaws are the beginning of Bluesnarfing.

Blue Nov 2003, when Adam described the flaws, bluejacking is already known and spreading. What Adam discovered was new even to the blue jacking community

1) That data from a victims phone can be obtained without any knowledge of the owner. When it was first described, he was essentially talking about the phonebook. But in essence, any data stored in the bluetooth device can be obtained.

2) Any previously paired device, can access the data and files of a person's mobile device. This is so even after the pairing has been removed.

This started the era of bluesnarfing. Adam quickly alerted phonemakers, which resulted in upgrades which fixed these security bugs. But Bluesnarfing didn't end there. With these bugs fixed, bluesnarfers identified new flaws and started a new generation of bluesnarfing which is still happening today.

No comments: