trifinite.logo | | | trifinite.stuff | | trifinite.downloads | trifinite.album | trifinite.links

Recent Articles
Bluetooth Security Dojo @ CanSecWest
InqTana Bluetooth Worm
New trifinite.goupmember (again)
Bluetooth Security Workshop
New trifinite.groupmember
22C3 - Private Investigations
Data Retention Petition Closed
BluePrinting updated
Nokia 770 Tablet PC
bluetooth applications
How up to date is your English?
Bluetraq Mailing List
SyScan'05 in Bangkok
HeloMoto published in Technology Review
Data Retention is no Solution!


October 2008
September 2008
May 2008
January 2007
October 2006
August 2006
June 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
December 2003
November 2003
October 2003

As you can tell, all the entries on this page are quite old. We decided to host our blog activity on different sites. You can find our latest blog posts at the following addresses:

The contents of the old page are left online for later reference...

The is a weblog that is maintained by the Every now and then you will find new entries here. You can add this weblog to your RSS-Feed reader by importing this URI.

Slides for Exploiting Symbian

Here are the slides for my BlackHat Japan talk Exploiting Symbian. This work was done as part of my research at Fraunhofer SIT. If you have any questions please contact me through my website at Fraunhofer SIT.

Yet another mobile phone OS that can be exploited.

Posted by Collin Mulliner on Mon, October 13, 2008 at 12:49 PM | Comments (0) | TrackBack (0)

A little web thing...

We at trifinite love mobile devices so we try to get our hands on every possible device. Although we are not really known for doing web stuff (besides our small site you're looking at right now) we dig it. Long story short: there is a SEO (search engine optimization) contest going on in Germany right now. The prize for the winner will be an iPhone 3G - something we really like to play with. The term that is to be optimized is Befreiphone. The contest is going on until 17th of September (10pm GMT+1). Lets see what the Bluetooth guys can do!


Posted by Collin Mulliner on Wed, September 10, 2008 at 12:42 PM | Comments (0) | TrackBack (0)

Attacking NFC Mobile Phones

Near Field Communication (NFC) is supposed to be the next big thing in mobile phones therefore trifinite feels obligated to take a first look at NFC.

The talk was given last week at EUSecWest in London, UK.

Slides and information material are now online.

Slides: Attacking NFC mobile phones

Material at:

Posted by Collin Mulliner on Tue, May 27, 2008 at 06:05 PM | Comments (0) | TrackBack (0)

HID Attack

I almost forgot about this...

HID Attack is about attacking the Bluetooth Human Interface Device application. The software that runs on the desktop PC that communicates with a Bluetooth keyboard, mouse and joystick. The described attack hijacks the bluetooth keyboard driver on the dektop computer to inject arbitrary keypress sequences.

Full details here: HID Attack Website

Download the Proof-of-Concept here: HID Attack

Posted by Collin Mulliner on Wed, January 24, 2007 at 07:02 PM | Comments (0) | TrackBack (0)

Bluetooth® Trademark Violation

Today, a good friend sent me this picture of the backside of a british parking ticket. I share this picture with you for two reasons: Entertainment and education.

According to the Bluetooth® Brand FAQ the Camden Metropolitan Police clearly infringes one of the six commandments stated there.
Obviously, the Camden Metropolitan Police didn't read the news during the last months... they wouldn't be the first ones to undergo "a Bluetooth® SIG masterminded raid" as it happened to a Shenzhen factory earlier this year.

Be responsible and click on the picture in order to report this (tremendous) violation to the Bluetooth® SIG ;)

Do they really advise to "remove" Bluetooth?

Posted by Martin Herfurt on Mon, October 30, 2006 at 11:15 PM | Comments (0)

Slides for PocketPC MMS Attack

Yet another non-Bluetooth topic...

Here are the slides from my defcon-14 talk about MMS-based (Multimedia Messaging Service) attacks against PocketPC phones.

The slides are available here and the WiFi proof-of-concept DoS tool can be downloaded here.

Posted by Collin Mulliner on Tue, August 08, 2006 at 03:20 AM | Comments (0) | TrackBack (0)

TOSHIBA Security Update

I have just been informed by Toshiba that there is a new security update (PC Bluetooth Stack Service Pack 2) that also installs on non-Toshiba PCs.
It is available for download at

Posted by Martin Herfurt on Fri, June 30, 2006 at 05:14 PM

Update: TOSHIBA Advisory

I have just been informed that TOSHIBA published a stable version of the stack. You find it here for download:
Go for the latest Version (4.00.36) and your problems should be solved.
Special Thanks to Toshiba for letting me know about this.

Posted by Martin Herfurt on Wed, June 21, 2006 at 05:43 PM

Del(l)icate Issue

Earlier this year, members of the discovered an issue with the Toshiba Windows Bluetooth Stack. Strangers can remotely cause a system exception on Windows hosts when they know the address of the internal Bluetooth device of this machine by sending large l2cap echo requests to it (see BlueSmack attack).
Toshiba has been informed about this issue in the middle of February 2006 already but didn't manage to fix the problem. Since Toshiba has been informed once more in April 2006 and the issue still is within the product, we finally decided to publish an advisory addressing the problem so that users of the product are warned and can take countermeasures.

Posted by Martin Herfurt on Wed, June 21, 2006 at 08:15 AM | Comments (0)

What a March

During the last month there have been quite a few events. In the beginning of March, there was the BlackHat Europe in Amsterdam. The list of speakers was quite prominent. Before BlackHat started, I also met Dragos who was on holiday together with the organizing team of the EUSecWest that just took place a week before in London.

A week later, I was invited to speak at a very small, but very nice event in Coimbra, Portugal. This event was called 'Wireless Meeting 2006 (WiMe2006)' and already took place once before in 2005. I was very pleased by the student organizers who also got me a translator so that I could understand the other talks that were mainly held in portuguese. At this event, I also had the pleasure to meet the people of a very ambitious project with the goal to globally share broadband Internet access within a community. Even Google was investing quite
a bit of money in this project. Go to their homepage at and start sharing your Internet connection today. I did it already.

The week after Portugal, I have been invited to participate a meeting of Anti-Virus software manufacturers in Germany where I had the chance to talk to a bunch of interesting people and hear their opinion on Bluetooth.

Finally, Adam, Marcel and I spoke at WebSec 2006 in London.
When coming back from London, I visited Hangar-7 where the Red-Bull Owner Dieter Mateschitz keeps his private aviation and Formula 1 collection. This place is definitely worth seeing. If you ever happen to come to Salzburg, this is a must-see (and is is even for free). Co-incidentally, I met an old friend who happens to work at Hangar-7 as a mechanic. He even gave me the full tour including the garage that the average visitor does not happen to see. It is unbelievable how many expensive toys you find in this place (there are pictures (soon)).

Originally, there was the plan to also speak at MEITSEC in Dubai. This would have been right in between the Portugal and the Germany events and I am honestly glad that this got postponed to December.

The slides of the talks will sooner or later appear in the section and pictures of (most of) the places can be found on the trifinite.album page can be found.

At the very moment, I am on my way to Vancouver where CanSecWest will take place. After a week of partying with the CanSec crowd, I am very happy to kick back and relax in the beautiful city of Vancouver until the beginning of may.

Posted by Martin Herfurt on Sun, April 02, 2006 at 02:04 AM | Comments (0)

 ... because infinite is sometimes not enough ... (c) 2004 by