You know, just a thought, what if someone was able to upload a program with a PDA with IR, then execute it? J -----Original Message----- From: Joseph Mathews [mailto:jmathewsat_private] Sent: Thursday, August 14, 2003 1:05 PM To: pen-testat_private Subject: RE: Infrared Vulns on laptops You can use a plain mirror to bounce IR signals, however it is subject to heavy interference. A room with dim external lighting would minimize some. A neat little trick to tell if your transmitter (or hack) is actually sending data is to take a digital camera with LCD viewfinder, and point it at the IR LED. You should be able to see the IR LED blinking through the viewfinder. You can test this out with a TV remote control and digital camera. -----Original Message----- From: cprestonat_private [mailto:cprestonat_private] Sent: Thursday, August 14, 2003 1:05 AM To: pen-testat_private Subject: Re: Infrared Vulns on laptops In-Reply-To: <7CD77D0C2B0C6141A928C5F5DC97C4C006514C@ukwtm201> This is pure speculation, so ... As far as IR range goes, I expect that it could be dramatically extended by using a good light-gathering device on the receiving end. If the laptop/device were close to something that reflects IR, maybe the port wouldn't have to be directly aimed at the receiver. If you want to have two-way communication, an IR laser is cheap. Getting the target PC to cooperate would probably be the same order of difficulty as getting other executable code into a system. Of course, not every laptop spends most of its hours in the same position on a desk, and not every executive uses the same laptop in the same airport waiting room frequently, but... Careful people looking for possible information leaks check for IR sources among other wireless possibilities. cmp >Received: (qmail 2581 invoked from network); 11 Aug 2003 18:46:42 -0000 >Received: from outgoing2.securityfocus.com (205.206.231.26) > by mail.securityfocus.com with SMTP; 11 Aug 2003 18:46: 42 -0000 >Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) > by outgoing2.securityfocus.com (Postfix) with QMQP > id C85488F35A; Mon, 11 Aug 2003 12:49:15 -0600 (MDT) >Mailing-List: contact pen-test-helpat_private; run by ezmlm >Precedence: bulk >List-Id: <pen-test.list-id.securityfocus.com> >List-Post: <mailto:pen-testat_private> >List-Help: <mailto:pen-test-helpat_private> >List-Unsubscribe: <mailto:pen-test-unsubscribeat_private> >List-Subscribe: <mailto:pen-test-subscribeat_private> >Delivered-To: mailing list pen-testat_private >Delivered-To: moderator for pen-testat_private >Received: (qmail 23410 invoked from network); 11 Aug 2003 12:07:04 -0000 >Message-ID: <7CD77D0C2B0C6141A928C5F5DC97C4C006514C@ukwtm201> >From: "Brewis, Mark" <mark.brewisat_private> >To: "'Whiteside, Larry [contractor]'" <BAE14at_private>, > pen-testat_private >Subject: RE: Infrared Vulns on laptops >Da te: Mon, 11 Aug 2003 19:12:56 +0100 >MIME-Version: 1.0 >X-Mailer: Internet Mail Service (5.5.2656.59) >Content-Type: text/plain; > charset="iso-8859-1" > >Larry, > >There isn't much out there about IrDA vulnerabilities and hacking, other >than hacking Furbies, or getting your laptop to programme your video. > >The IR protocol is unicast, so it won't talk to another IrDA device once a >connection has been made to a particular device. It will drop and restart >if a connection between one device is lost and another created. > >Under Windows (including CE) the IrDA connection can be configured so that >the user has to accept an incoming data transfer. I've had patchy luck >getting phones and PDA's to talk under Linux, so someone better versed >should comment on that, but I seem to remember it was much the same. > >Unless the user has actually enabled and is running the IrDA interface then >it isn't possible to send anything to a user. Good security practice is --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Aug 15 2003 - 14:02:05 PDT