BlueSnarf Revisited: OBEX FTP Service Directory Traversal

Abstract : As mobile operating systems reach the same level of complexity of computer operating systems, these may be affected by the same vulnerabilities and may be subject to the same kind of attacks. Bluetooth provides connectivity to a mobile phone but this network can also be used as a channel to deploy attacks and access its resources, such as personal information, confidential files or the possibility of making phone calls and consume the user’s balance. When the first attacks to early Bluetooth mobile phones came up, manufacturers were forced to raise awareness about Bluetooth and make improvements in the security of the implementation. In spite of the improvements, we introduce a multi-platform vulnerability for mobile phones that allows a remote attacker to list arbitrary directories, and read and write arbitrary files via Bluetooth. Our experience shows that the attack can be performed in a real environment and it may lead to data theft.
Type de document :
Communication dans un congrès
Vicente Casares-Giner; Pietro Manzoni; Ana Pont. International IFIP TC 6 Workshops PE-CRN, NC-Pro, WCNS, and SUNSET 2011 Held at NETWORKING 2011 (NETWORKING), May 2011, Valencia, Spain. Springer, Lecture Notes in Computer Science, LNCS-6827, pp.155-166, 2011, NETWORKING 2011 Workshops. 〈10.1007/978-3-642-23041-7_16〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01587858
Contributeur : Hal Ifip <>
Soumis le : jeudi 14 septembre 2017 - 16:48:33
Dernière modification le : jeudi 14 septembre 2017 - 16:53:12
Document(s) archivé(s) le : vendredi 15 décembre 2017 - 21:17:20

Fichier

978-3-642-23041-7_16_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Alberto Moreno, Eiji Okamoto. BlueSnarf Revisited: OBEX FTP Service Directory Traversal. Vicente Casares-Giner; Pietro Manzoni; Ana Pont. International IFIP TC 6 Workshops PE-CRN, NC-Pro, WCNS, and SUNSET 2011 Held at NETWORKING 2011 (NETWORKING), May 2011, Valencia, Spain. Springer, Lecture Notes in Computer Science, LNCS-6827, pp.155-166, 2011, NETWORKING 2011 Workshops. 〈10.1007/978-3-642-23041-7_16〉. 〈hal-01587858〉

Partager

Métriques

Consultations de la notice

18

Téléchargements de fichiers

11