Larry, There isn't much out there about IrDA vulnerabilities and hacking, other than hacking Furbies, or getting your laptop to programme your video. The IR protocol is unicast, so it won't talk to another IrDA device once a connection has been made to a particular device. It will drop and restart if a connection between one device is lost and another created. Under Windows (including CE) the IrDA connection can be configured so that the user has to accept an incoming data transfer. I've had patchy luck getting phones and PDA's to talk under Linux, so someone better versed should comment on that, but I seem to remember it was much the same. Unless the user has actually enabled and is running the IrDA interface then it isn't possible to send anything to a user. Good security practice is therefore to enable it only when it is needed, and to have it prompt you to accept anything. A user has to consciously send information to another device. I doubt it would be easy to write a trojan to enable the IrDA port and send information out on an ad hoc basis. There aren't many tools out there to even try and play with IrDA. Ethereal will sniff the interface on a PC (sniffing your own data), and there are specific IR sniffers for Linux, e.g., http://www.linuxselfhelp.com/HOWTO/Infrared-HOWTO/infrared-howto-s-sniffer.h tml I haven't tried that one, but have used the irda-utils, irda-utils-0.9.15.tar.gz, from Sourceforge, http://sourceforge.net/project/showfiles.php?group_id=5616 There are also some specialist tools for Palms, http://mcl.cs.byu.edu/noframes/research.html The very short range of IrDA (I know what the standards say, but you are lucky if it works at more than a few inches in my experience,) the unicast nature and the ability to require user intervention in accepting a connection all mitigate the risk to a very low level. If someone is exploiting IrDA, it is almost certainly someone coming out of a Phreaking background, who is a dab hand with a soldering iron and has some esoteric programming skills. I reckon the risk is quite low, although I'd be happy to hear from anyone who can prove me wrong! Hope this helps, Mark Mark Brewis Security Consultant EDS Information Assurance Group Wavendon Tower Milton Keynes Buckinghamshire MK17 8LX. Tel: +44 (0)1908 28 4234/4013 Fax: +44 (0)1908 28 4393 E@: mark.brewisat_private This email is confidential and intended solely for the use of the individual(s) to whom it is addressed. Any views or opinions presented are solely those of the author. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this mail is strictly prohibited. Precautions have been taken to minimise the risk of transmitting software viruses, but you must carry out your own virus checks on any attachment to this message. No liability can be accepted for any loss or damage caused by software viruses. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 11:55:25 PDT