RE: Infrared Vulns on laptops

From: Esler, Joel Contractor (joel.esler@rcert-s.army.mil)
Date: Fri Aug 15 2003 - 05:16:17 PDT

  • Next message: NixGuru: "Re: Infrared Vulns on laptops"

    You know, just a thought, what if someone was able to upload a program with
    a PDA with IR, then execute it?
    J
    
    -----Original Message-----
    From: Joseph Mathews [mailto:jmathewsat_private] 
    Sent: Thursday, August 14, 2003 1:05 PM
    To: pen-testat_private
    Subject: RE: Infrared Vulns on laptops
    
    
    You can use a plain mirror to bounce IR signals, however it is subject to
    heavy interference.  A room with dim external lighting would minimize some.
    A neat little trick to tell if your transmitter (or hack) is actually
    sending data is to take a digital camera with LCD viewfinder, and point it
    at the IR LED.  You should be able to see the IR LED blinking through the
    viewfinder.  You can test this out with a TV remote control and digital
    camera.
    
    -----Original Message-----
    From: cprestonat_private [mailto:cprestonat_private]
    Sent: Thursday, August 14, 2003 1:05 AM
    To: pen-testat_private
    Subject: Re: Infrared Vulns on laptops
    
    
    In-Reply-To: <7CD77D0C2B0C6141A928C5F5DC97C4C006514C@ukwtm201>
    
    This is pure speculation, so ...  As far as IR range goes, I expect that it
    could be dramatically extended by using a good light-gathering device on the
    receiving end.  If the laptop/device were close to something that reflects
    IR, maybe the port wouldn't have to be directly aimed at the receiver.  If
    you want to have two-way communication, an IR laser is cheap.  Getting the
    target PC to cooperate would probably be the same order of difficulty as
    getting other executable code into a system.  Of course, not every laptop
    spends most of its hours in the same position on a desk, and not every
    executive uses the same laptop in the same airport waiting room frequently,
    but...  Careful people looking for possible information leaks check for IR
    sources among other wireless possibilities.  cmp  >Received: (qmail 2581
    invoked from network); 11 Aug 2003 18:46:42 -0000 >Received: from
    outgoing2.securityfocus.com (205.206.231.26) >  by mail.securityfocus.com
    with SMTP; 11 Aug 2003 18:46:
    42 -0000 >Received: from lists.securityfocus.com (lists.securityfocus.com
    [205.206.231.19]) >	by outgoing2.securityfocus.com (Postfix) with QMQP >
    id C85488F35A; Mon, 11 Aug 2003 12:49:15 -0600 (MDT) >Mailing-List: contact
    pen-test-helpat_private; run by ezmlm >Precedence: bulk >List-Id:
    <pen-test.list-id.securityfocus.com> >List-Post:
    <mailto:pen-testat_private> >List-Help:
    <mailto:pen-test-helpat_private> >List-Unsubscribe:
    <mailto:pen-test-unsubscribeat_private> >List-Subscribe:
    <mailto:pen-test-subscribeat_private> >Delivered-To: mailing list
    pen-testat_private >Delivered-To: moderator for
    pen-testat_private >Received: (qmail 23410 invoked from network); 11
    Aug 2003 12:07:04 -0000 >Message-ID:
    <7CD77D0C2B0C6141A928C5F5DC97C4C006514C@ukwtm201> >From: "Brewis, Mark"
    <mark.brewisat_private> >To: "'Whiteside, Larry [contractor]'"
    <BAE14at_private>, >	pen-testat_private >Subject: RE: Infrared
    Vulns on laptops >Da
    te: Mon, 11 Aug 2003 19:12:56 +0100 >MIME-Version: 1.0 >X-Mailer: Internet
    Mail Service (5.5.2656.59) >Content-Type: text/plain; >	charset="iso-8859-1"
    > >Larry, > >There isn't much out there about IrDA vulnerabilities and
    hacking, other >than hacking Furbies, or getting your laptop to programme
    your video. > >The IR protocol is unicast, so it won't talk to another IrDA
    device once a >connection has been made to a particular device.  It will
    drop and restart >if a connection between one device is lost and another
    created. > >Under Windows (including CE) the IrDA connection can be
    configured so that >the user has to accept an incoming data transfer.  I've
    had patchy luck >getting phones and PDA's to talk under Linux, so someone
    better versed >should comment on that, but I seem to remember it was much
    the same. > >Unless the user has actually enabled and is running the IrDA
    interface then >it isn't possible to send anything to a user.  Good security
    practice is 
    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------
    
    
    
    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------
    
    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Fri Aug 15 2003 - 14:02:05 PDT