http://www.mobilepipeline.com/showArticle.jhtml?articleID=22100402

[Slow day at the Integralis Security Labs? Read their advisory, and I'm sure you will agree that social engineering one of the employees would be considerably easier than trying to abuse three separate technologies just to score free Hotspot airtime. - WK]

By Mobile Pipeline News
June 17, 2004

A security flaw in some implementations of Bluetooth enables hackers to easily steal Wi-Fi hotspot authentication information, a U.K. security firm said Thursday.

According to security integrator Integralis, the Bluetooth flaw is exploited when users sign up for hotspot access using SMS text messaging, a method allowed by a variety of hotspot providers. The Bluetooth security flaw enables nearby hackers to intercept the SMS message containing log-on information as it travels between the user and the hotspot vendor, according to the company.

The company issued a security advisory [1] this week about the problem.

The company said it found that the potential problem exists with a variety of operators including Cingular in the U.S., and T-Mobile and Vodafone in Europe. For example, T-Mobile enables its voice users to send an SMS message to a specific number containing the word "open." The company then sends a message back to the user with log-on information.

The victim will be billed for all the unauthorized access while detection of the attack is virtually impossible, according to Integralis. The company said the attack can be automated and accomplished in under a minute. It said it had no evidence that such attacks have actually occurred.

The company suggested users first check to see if their phones are vulnerable by accessing a separate security advisory it previously issued. It also suggested that users check for firmware updates for their phones, switch off Bluetooth visible mode and, if possible, not use Bluetooth in public places.

[1] http://www.integralis.co.uk/about_us/press_releases/2004/150604SA.html

ISN mailing list