1 min read
The BlueSnarf attack is probably the most famous Bluetooth attack, since it is the first major security issue related to Bluetooth enabled devices. BlueSnarf has been identified by Marcel Holtmann in September 2003. Independently, Adam Laurie discovered the same vulneralbility in November 2003 posted the issue on Bugtraq and got in touch with the respective device manufacturers.
In order to perfom a BlueSnarf attack, the attacker needs to connect to the OBEX Push Profile (OPP), which has been specified for the easy exchange of business cards and other objects. In most of the cases, this service does not require authentication. Missing authentication is not a problem for OBEX Push, as long as everything is implemented correctly. The BlueSnarf attack connects to an OBEX Push target and performs an OBEX GET request for known filenames such as ‘telecom/pb.vcf’ for the devices phone book or ‘telecom/cal.vcs’ for the devices calendar file. (There are many more names of files in the IrMC Specification). In case of improper implementation of the device firmware, an attacker is able to retrieve all files where the name is either known or guessed correctly.
thebunker.net - Adam Laurie’s page about the BlueSnarf attack
Adam Laurie is Chief Security Officer and a Director of The Bunker Secure Hosting Ltd. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, Dos and CP/M based micro computers as they emerged in the Eighties.
Marcel Holtmann is the maintainer and the core developer of the official Linux Bluetooth stack which is called BlueZ. He started working with the Bluetooth technology back in 2001. His work includes new hardware drivers, upper layer protocol implementations and the integration of Bluetooth into other subsystems of the Linux kernel.