The Wikileaks Fiasco

To be completely candid, I have been frustrated concerning my inability to write about the Wikileaks drama until now. I felt very strongly that once I had started the series on Bluetooth security, I should finish it before moving on to something else. Besides, Bluetooth security issues are really quite interesting. At the same time, however, there is a conflagration that is still burning, and this conflagration centers around Julian Assange and Wikileaks.


Bluetooth Security: Part 4

In my last blog entry I started to cover the kinds of tools that are available for attacking Bluetooth devices. I discussed Bluescanner and Bluesnarf and said that these are only two of the surprisingly large number of such tools. Now I’ll cover the remaining Bluetooth attack tools of which I am aware:

  • A.I.O. Bluetooth Hacking Tools. These tools are downright scary. They allow someone to read Bluetooth messages and contacts on another phone, change another phone’s profile and/or ring volume, make someone’s phone restart, switch off or ring (even if the phone is in silent mode), play songs on another phone (imagine the shock value of this!), and more.
  • Btcrack. Btcrack allows an attacker to make phone calls on another phone with any charges billed to the owner of the other phone. As its name implies, this tool also cracks Bluetooth PINs and attempts to reconstruct the pass key and the link key, both of which are captured during the pairing process that was discussed in part one of this series.
  • BlueSniff. This one finds discoverable and hidden Bluetooth devices. One of the major advantages of this tool is that it has a very intuitive, easy-to-use graphical user interface (GUI).
  • BlueBug. This tool tries to gain unauthorized access to phone-books, call lists and other private information in remote Bluetooth devices within the discovery zone.
  • Bluediving. This one is highly useful because it consists of a Bluetooth penetration testing suite, thus making obtaining and running each tool contained within unnecessary. Instead, it provides a menu that allows users to run each tool and function whenever they want. It contains Bluebug, BlueSnarf, BlueSnarf++, and BlueSmack. It also provides additional functions such as address spoofing, packet forging, connection resetting, and many others. If I were allowed to have only one Bluetooth attack tool, there is no doubt in my mind that I would choose this one.
In short, attacking Bluetooth devices has become rather easy because of a variety of tools designed specifically for this purpose. The widespread availability of these tools and the fact that most of them are free raises the risk level in Bluetooth environments considerably. Information security professionals need not only to know how these tools work, but they also need to use them in their vulnerability assessment programs. Auditors also need to learn about these tools, which can also be very useful when audits are being conducted.

–Gene Schultz, Ph.D., CISSP, CISM, GSLC
– – – – – – – – – – – – – – – – –
Dr. Eugene Schultz is the CTO at Emagined Security, an information security consulting practice based in San Carlos, California. He is the author/co-author of five books, and has also written over 120 published papers. Gene has been the editor-in-chief of two journals and is currently on the editorial board of three journals. He is also a SANS instructor, member of the SANS NewsBites editorial board, co-author of the 2005 and 2006 CISM preparation materials, and is on the technical advisory board of three companies. Gene has previously managed an information security practice as well as a national incident response team. He has also been professor of computer science at several universities and is retired from the University of California. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman’s Award, and the National Information Systems Security Conference Best Paper Award. A Distinguished Fellow of the Information Systems Security Association (ISSA), Gene has also been named to the ISSA Hall of Fame and has received ISSA’s Professional Achievement and Honor Roll Awards. He is currently a member of the accreditation board of the Institute of Information Security Professionals (IISP). Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.

Bluetooth Security: Part 3

There are more attack methods against Bluetooth devices than one might suspect. In earlier blog entries in this series I discussed attacks such as discovery and cryptanalytic attacks. One of the potential Achilles heels of Bluetooth security is PINs used in authentication. PINs are generally between four and 16 characters long. Shorter PINs can easily be guessed or brute forced if conventional bad login limit lockouts are not built into the devices, and the fact that they are only a maximum of four characters long in some Bluetooth implementations makes these devices unusually vulnerable. Furthermore, in some of these devices PINs are fixed and thus unchangeable by their users. PIN guessing can thus enable perpetrators to impersonate the identity of Bluetooth devices, enabling perpetrators to make long distance calls billed to the account of legitimate users as well as to gain unauthorized access to call lists, phone books, photos, and other information. PIN spoofing can also be used for similar purposes. And if a Bluetooth device falls into the hands of an attacker, the attacker can gain access to the same types of information, often by gleaning PINs from memory and/or the device’s hard drive.


Bluetooth Security: Part 2

As discussed in my previous posting concerning Bluetooth security, Bluetooth devices normally have numerous built-in security mechanisms. But are these mechanisms sufficiently secure to repel most Bluetooth-specific attacks? The answer is that Bluetooth can defend against some attacks well, but does not fare very well when other types of attacks are launched against it.


Bluetooth Security: Part 1

In this blog, you’ll see a six-part series on mobile computing security that I wrote some time ago. Afterwards I wrote another series on forensics with mobile computing devices. These blog entries have focused on security issues in major types of smartphones, but the mobile computing arena is not limited to smartphones. Security-related concerns in many other areas also seem to keep emerging. So this time around let’s take a look at Bluetooth security.


Bluetooth Hacking Tools

I do not use Bluetooth, but a lot–a very lot–of people do. One recent estimate is that as of 2008 there were at least one billion Bluetooth devices in the world, and I do not doubt that estimate at all.


Spam: Is it Starting to Go Away?

I remember years ago when the Internet was totally different from the way it is now. If in the early 1990s, for example, someone sent a message containing some kind of advertisement for a product, service or even a conference, that person was extremely likely to get flamed. As we all know, today we are bombarded with spam that advertises all kinds of things. Studies over the years repeatedly show that the majority of Internet traffic–up to 90 percent or more of it at certain times–consists of spam.


Advanced Persistent Threats: Part 3

I don’t normally write and post a blog entry that is part of a series after the series has ended. I’ve already written parts 1 and 2 of the advanced persistent threats (APTs) series; earlier this week I moved on to a new topic. Sorry, but I forgot to write about something about APTs that is very important. I thus feel compelled to write a third part of the APT series out of order. I’ll go back and fix the order of the postings in a few days.


Title Inflation in Information Security

I meet new people all the time. Not surprisingly, many of them are information security professionals. After we’ve said goodbye, I often look over their business cards a bit. What is amazing to me is the loftiness of the titles on so many business cards. I meet presidents, vice-presidents, CEOs, COOs, CTOs, CISOs, executive directors and managers, senior directors and managers, and by now you get my drift. But it does not end here–some have downright humorous titles such as “chief security visionary” or “I seldom see plain old everyday titles such as “member of the technical staff” or “security engineer.” Title inflation runs rampant.


Advanced Persistent Threats (APTs): Part 2

In my last posting I argued that traditional defense-in-depth strategies per se are not sufficient for an organization to be able to withstand the kinds of APTs that are currently plaguing us. I’d like to go on further with this theme, extending it to the types of security technologies that are available to us. In the past I’ve argued about the virtues of Unified Threat Management (UTM) technology from the standpoint that in UTM appliances the various functions (intrusion detection, intrusion prevention, application firewalling, and more) are at least aware of each other, and can thus potentially work more intelligently and cooperatively, as opposed to so-called point solutions.
