September 1, 2005

The Bluehack group begins its activities.

September 2, 2005

Introducing the Car Whisperer

The Trifinite group has discovered a new vulnerability in Bluetooth devices. This time it affects the hands-free devices used in cars to operate a mobile phone by voice and with quick-access keys. It appears that some manufacturers of these accessories have not paid attention to implementing security, and an external attacker could inject or capture the audio passing through the device using a laptop at close range.

Quoting the Trifinite blog...
This new tool is called The Car Whisperer and allows people equipped with a Linux Laptop and a directional antenna to inject audio to, and record audio from bypassing cars that have an unconnected Bluetooth handsfree unit running. Since many manufacturers use a standard passkey which often is the only authentication that is needed to connect.

This tool allows to interact with other drivers when traveling or may be used in order to talk to that pushy Audi driver right behind you. It also allows to eavesdrop conversations in the inside of the car by accessing the microphone.

Since the attacker's laptop is fully trusted once it has a valid link key, the laptop could be used in order to access all the services offered on the hands-free unit. Often, phonebooks are stored in these units. I am quite certain that there will be more issues with the security of these systems due to the use of standard passkeys.
