BlueSnarf++ is an attack that is very similar to the famous BlueSnarf
attack. The main difference is that BlueSnarf++ is an attack
where the attacker has full read/write access to the device's filesystem.
The manufacturers of the devices that are known to be vulnerable
have been informed about this issue.
BlueSnarf++ gives the attacker full read/write access when connecting
to the OBEX Push Profile. Instead of a less functional OBEX Push
daemon, these devices run an OBEX FTP server that can be connected
as the OBEX Push service without pairing. Here the attacker can
see all files in the filesystem (ls command) and can also delete
them (rm command). The filesystem includes eventual memory extensions
like memory sticks or SD cards.
For questions about the BlueSnarf++ attack, feel free to ask Adam
Laurie, Marcel Holtmann
or Martin Herfurt.