Security Now 283

From The Official TWiT Wiki

Security Now 283: Hacking Bluetooth

Cross Fuzz, warrantless cell phone searches, Obama's "Unified Internet Identity", flavors of bluetooth hacking, and more.

News & Errata

13:01 - 14:30

  • Two fixes on patch Tuesday
    • 1 critical on all versions of Windows
    • 1 important
    • IE CSS 0-day vulnerability still not fixed

14:31 - 15:00

  • A hack to get around the Flash 8 sandbox has been found

15:01 - 17:42

  • Microsoft has commented on why it didn't immediately respond to the vulnerability found in IE by a researcher at Google
  • It takes a series of pages to be loaded in a certain order for the hack to work, so Microsoft couldn't reproduce it initially

17:43 - 21:37

  • The California supreme court ruled that police can search cell phones without a warrant

21:38 - 23:22

  • Obama wants to introduce a "Unified Internet Identity"

23:23 - 30:01

  • A 'new' WPA vulnerability has been found
  • Steve says it isn't new and WPA isn't vulnerable
  • The researcher used the large amount of processing power available at Amazon's EC2 to brute-force the password
  • If you use a long random password it still cannot be cracked
  • The researcher could check 400,000 passwords a second, at a cost of 28 cents a minute

30:02 - 30:49

  • Firesheep has passed 1 million downloads

30:50 - 31:44

  • A correction to what Steve said last week
  • Sony did not buy Ericsson; they partnered with them

SpinRite Story

31:45 - 33:17 Martin Perret (Unknown)

SpinRite fixed a broken drive

Hacking Bluetooth

38:15 - 01:14:45

  • In 2004 / 2005 it was clear that Bluetooth was being put on many platforms like PDAs just because everyone else was
  • Security wasn't a consideration for the manufacturers, though
  • In 2005 a hacker had a PDA that didn't need to be paired but could share files
  • Some devices did not come with unique IDs like they should have

  • "Bluejacking" - the ability to send unsolicited text messages to devices
  • Named after a guy called Ajack

  • "Bluesnarfing" - unauthorised copying
  • The contents of people's phones could be taken by criminals if the phone was left in discoverable mode and had an exploitable flaw

  • Lots of exploits use the AT command set (Attention command)
  • It allows you to mix command and data through the same channel

  • Anyone who has bought a phone in the last few years is probably safe
  • The service discovery protocol enumerates what services are available on a device, and this also leaks additional information

  • HeloMoto attack - takes advantage of an incorrect implementation of the trusted-device handling on some Motorola devices and lets you take control of the device

  • Bluetoone - uses a high-gain antenna to increase the range of Bluetooth dongles

  • RedFang - finds devices that are not in discoverable mode (still a problem today)
    • Listens to the entire Bluetooth spectrum (79 channels) to find devices
    • Brute-forces the MAC address
    • Limited in what it can do, though, without being paired to the device

  • Car Whisperer - in order to pair you must exchange information (a PIN) in a way eavesdroppers can't detect
    • However, you can't enter a PIN on some devices due to a lack of an input / output device
    • So Bluetooth scales security down to accommodate this
    • If the Bluetooth in devices such as cars is left in discoverable mode then hackers can spy on you in the car
    • Or if it only uses a 4-digit PIN it can be brute-forced

  • The only line of defense is pairing
  • Devices that have already been paired with something else are easier to hack
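The WPA item above and the 4-digit PIN item here make the same point from two directions: whether brute force is practical depends only on the size of the search space and the attacker's guess rate. The following is an added example, not code from the episode or from any of the tools named in the notes. It uses the two figures quoted in the show notes (400,000 guesses per second at 28 cents per minute on EC2) and constructed candidate secrets (a 4-digit PIN, a short lowercase passphrase, a long random passphrase) to show why "long and random" is the whole defense.

```python
"""Added example (not from the show notes): expected brute-force time and
cost for a secret, given a search space and a guess rate.

The rate and price are the EC2 figures quoted in the episode; everything
else (the scenarios, the helper names) is constructed for illustration."""

import math
from dataclasses import dataclass

GUESSES_PER_SECOND = 400_000      # rate quoted in the show notes
DOLLARS_PER_MINUTE = 0.28         # EC2 price quoted in the show notes
SECONDS_PER_YEAR = 365 * 24 * 3600


@dataclass(frozen=True)
class Estimate:
    keyspace: int      # number of candidate secrets
    seconds: float     # expected time: on average half the space is tried
    dollars: float     # expected spend at the quoted price
    years: float


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of secrets of a given length drawn uniformly from an alphabet."""
    return alphabet_size ** length


def estimate(space: int,
             rate: float = GUESSES_PER_SECOND,
             price_per_minute: float = DOLLARS_PER_MINUTE) -> Estimate:
    """Expected cost of an exhaustive search that succeeds, on average,
    after half of the candidates have been tried."""
    seconds = space / 2 / rate
    return Estimate(space, seconds,
                    seconds / 60 * price_per_minute,
                    seconds / SECONDS_PER_YEAR)


def minimum_length(alphabet_size: int, years_required: float,
                   rate: float = GUESSES_PER_SECOND) -> int:
    """Smallest random length whose expected search time meets a target.
    This is the defender's question: how long must a random secret be?"""
    needed = years_required * SECONDS_PER_YEAR * rate * 2
    return math.ceil(math.log(needed) / math.log(alphabet_size))


# Constructed scenarios: a car-kit PIN, a weak WPA passphrase, a strong one.
SCENARIOS = {
    "4-digit PIN":                      keyspace(10, 4),
    "8-char lowercase passphrase":      keyspace(26, 8),
    "20-char random printable passphrase": keyspace(95, 20),
}

if __name__ == "__main__":
    for name, space in SCENARIOS.items():
        e = estimate(space)
        print(f"{name:38s} keyspace={space:.2e} "
              f"time={e.seconds:.3g}s cost=${e.dollars:,.2f} "
              f"({e.years:.3g} years)")
    print("random printable length for a 100-year expected search:",
          minimum_length(95, 100))
```

At the quoted rate a 4-digit PIN falls in a fraction of a second and an 8-character lowercase passphrase costs roughly a thousand dollars of EC2 time, while the 20-character random passphrase is out of reach by any budget; `minimum_length` turns that into a policy number rather than a feeling.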

  • offer code SecurityNow
  • Carb-3
  • ad times: 1:09-1:19 and 33:45-37:47

Production Information

  • Edited by: Tony
  • Notes: