Sunday, August 26, 2007

Show #44 - 08.26.2007



[Download Show #44 as MP3]

News
  • Hotmail Increases Default Storage to 5Gb (2x Gmail)
  • Teen Girls Play with Technology at IBM Tech Camp
    • IBM held a Tech Cap last weekend where junior high girls got to learn about technology
    • This is an outreach that IBM has been doing for the last few years in hope to get girls interested in technical jobs
    • They got to play with Liquid Nitrogen, Second Life, and other new technologies
    • There is also a mentoring program which many of the "counselors" (IBM employees) participate in, to keep in touch with the students throughout the year
    • This is a great idea to get more young women interested in careers in technology
  • Artificial Life Likely in 3-5 YEars?
  • SourceFire Buys ClamAV
    • SourceFire bought the most popular open source anti-virus utility currently available
    • ClamAV is the backend to several open source anti-virus programs including ClamWin (a person favorite of Derek and myself)
    • SourceFire plans on offering ClamAV products and support by the fourth quarter of 2007 and
    • Has plans to add ClamAV based products as part of the companies Enterprise Threat Management portfolio in late 2008.

History of Bluetooth
  • Harald Bluetooth was King of Denmark between 940 and 985 AD (45 years)
  • Harald's sister, after loosing her husband to battle, asked Harald to secure control of Denmark
  • Harald took this opportunity to sieze control himself.
  • By 960 he was in the height of his power ruling over both Denmark and Norway
  • Harald was killed in battle in 985 AD
  • While he may have no longer ruled the two countries, he had united them.
  • Today Bluetooth is named after him and it will unite the worlds of computers and telecommunications

  • Wikipedia: Bluetooth was named after a late tenth century king, Harald Bluetooth King of Denmark and Norway. He is known for his unification of previously warring tribes from Denmark (including now Swedish Scania, where the Bluetooth technology was invented), and Norway. Bluetooth likewise was intended to unify different technologies, such as computers and mobile phones.

    The name may have been inspired less by the historical Harald than the loose interpretation of him in The Long Ships by Frans Gunnar Bengtsson, a Swedish Viking-inspired novel.

    The Bluetooth logo merges the Nordic runes analogous to the modern Latin H and B: hagall and bjarkan from the Younger Futhark runes forming a bind rune.

  • In 1994 Ericsson Mobile Communications initiated a study to investiage the feasibility of a low-power low-cost radio interface between mobile phones and their accessories.
  • In February of 1998 Ericsson, Nokia, IBM, Toshiba, and Intel formed a Special Interest Group (SIG) that now had two market leaders from mobile telephony and laptop computing as well as one from the digital signal processing industry.
  • Bluetooth has exploded and is a built-in technology in hundreds of millions of cell phones, cars, computers, gaming consoles like the PS3, and there are more devices to come.

What can you use Bluetooth for?
  • Mobile phone ear piece
  • Car hands-free speakerphone
  • Mobile-to-mobile file transfer
  • Computer-to-computer file transfer
  • Mobile-to-computer file transfer
  • Controllers
  • Connecting Devices

Computers / Laptops
  • Personal Area Networks
    • Print using Bluetooth
    • Connect to the internet via bluetooth
    • Sync data between devices
  • Connect Computer Peripherials
    • Bluetooh Mouse
    • Bluetooth Keyboards

Cell Phones
  • Headsets
    • Motorola
    • Plantoronix
    • Sony Erricson
    • Jabra
  • Hands-free
    • Licoln
    • Audi
    • Lexus
    • Mercedes

Gaming Systems
  • Playstation 3
    • Bluetooth Printers
    • Video/Photo Cameras
    • Remote Controls
    • Game Controllers


 Penny Pinchers

Security & Privacy

2003:
In November 2003, Ben and Adam Laurie from A.L. Digital Ltd. discovered that serious flaws in Bluetooth security may lead to disclosure of personal data.[18] It should be noted, however, that the reported security problems concerned some poor implementations of Bluetooth, rather than the protocol itself.

In a subsequent experiment, Martin Herfurt from the trifinite.group was able to do a field-trial at the CeBIT fairgrounds, showing the importance of the problem to the world. A new attack called BlueBug was used for this experiment.[19]

2004:
In April 2004, security consultant firm @stake (now Symantec) revealed a security flaw that makes it possible to crack conversations on Bluetooth based wireless headsets by reverse engineering the PIN.[citation needed]

This is one of a number of concerns that have been raised over the security of Bluetooth communications. In 2004 the first purported virus using Bluetooth to spread itself among mobile phones appeared on the Symbian OS.[20] The virus was first described by Kaspersky Lab and requires users to confirm the installation of unknown software before it can propagate.

The virus was written as a proof-of-concept by a group of virus writers known as 29A and sent to anti-virus groups. Thus, it should be regarded as a potential (but not real) security threat to Bluetooth or Symbian OS since the virus has never spread in the wild.

In August 2004, a world-record-setting experiment (see also Bluetooth sniping) showed that the range of Class 2 Bluetooth radios could be extended to 1.78 km (1.08 mile) with directional antennas.[21] This poses a potential security threat because it enables attackers to access vulnerable Bluetooth-devices from a distance beyond expectation. However, such experiments do not work with signal amplifiers. The attacker must also be able to receive information from the victim to set up a connection. No attack can be made against a Bluetooth device unless the attacker knows its Bluetooth address and which channels to transmit on.

2005:
In April 2005, Cambridge University security researchers published results of their actual implementation of passive attacks against the PIN-based pairing between commercial Bluetooth devices, confirming the attacks to be practicably fast and the Bluetooth symmetric key establishment method to be vulnerable. To rectify this vulnerability, they carried out an implementation which showed that stronger, asymmetric key establishment is feasible for certain classes of devices, such as handphones.[22]

In June 2005, Yaniv Shaked and Avishai Wool published the paper "Cracking the Bluetooth PIN1," which shows both passive and active methods for obtaining the PIN for a Bluetooth link. The passive attack allows a suitably equipped attacker to eavesdrop on communications and spoof if they were present at the time of initial pairing. The active method makes use of a specially constructed message that must be inserted at a specific point in the protocol, to make the master and slave repeat the pairing process. After that, the first method can be used to crack the PIN. This attack's major weakness is that it requires the user of the devices under attack to re-enter the PIN during the attack when the device prompts them to. Also, this active attack probably requires custom hardware, since most commercially available Bluetooth devices are not capable of the timing necessary.[23]

In August 2005, police in Cambridgeshire, England, issued warnings about thieves using Bluetooth-enabled phones to track other devices left in cars. Police are advising users to ensure that any mobile networking connections are de-activated if laptops and other devices are left in this way.[24]

2006:
In April 2006, researchers from Secure Network and F-Secure published a report that warns of the large number of devices left in a visible state, and issued statistics on the spread of various Bluetooth services and the ease of spread of an eventual Bluetooth worm.[25]

In October 2006, at the Luxemburgish Hack.lu Security Conference, Kevin Finistere and Thierry Zoller demonstrated and released a remote root shell over Bluetooth on Mac OSX 10.3.9 and 10.4. They also demonstrated the first Bluetooth PIN and Linkkeys cracker, which is based on the research of Wool and Shaked.

Bluejacking:
Bluejacking allows phone users to send business cards anonymously using Bluetooth wireless technology. Bluejacking does NOT involve the removal or alteration of any data from the device. These business cards often have a clever or flirtatious message rather than the typical name and phone number. Bluejackers often look for the receiving phone to ping or the user to react. They then send another, more personal message to that device. Once again, in order to carry out a bluejacking, the sending and receiving devices must be within range of each other, which is typically 10 meters for most mobile devices. Phone owners who receive bluejack messages should refuse to add the contacts to their address book. Devices that are set in non-discoverable mode are not susceptible to bluejacking.

Bluebugging:
Bluebugging allows skilled individuals to access the mobile phone commands using Bluetooth wireless technology without notifying or alerting the phone’s user. This vulnerability allows the hacker to initiate phone calls, send and receive text messages, read and write phonebook contacts, eavesdrop on phone conversations, and connect to the Internet. As with all the attacks, without specialized equipment, the hacker must be within range of the phone, typically 10 meters. This is a separate vulnerability from bluesnarfing and does not affect all of the same phones as bluesnarfing.


Health Concerns
 Bluetooth uses the microwave radio frequency spectrum in the 2.4 GHz to 2.4835 GHz range. Maximum power output from a Bluetooth radio is 1 mW, 2.5 mW, and 100 mW for Class 3, Class 2, and Class 1 devices respectively, which puts Class 1 at roughly the same level as cell phones, and the other two classes much lower.[26] Accordingly, Class 2 and Class 3 Bluetooth devices are considered less of a potential hazard than cell phones, and Class 1 may be comparable to that of cell phones, for which health risks are well known.

Emerging Bluetooth Technology
  • Home Control Systems
  • Eventually Replace All Cables?

The next version of Bluetooth after v2.1, code-named Seattle, that will be called Bluetooth 3.0, has many of the same features, but is most notable for plans to adopt ultra-wideband (UWB) radio technology. This will allow Bluetooth use over UWB radio, enabling very fast data transfers of up to 480 Mbit/s, while building on the very low-power idle modes of Bluetooth.

On June 12, 2007, Nokia and Bluetooth SIG announced that Wibree will be a part of the Bluetooth specification as an ultra low power Bluetooth technology[15]. Expected user cases include watches displaying Caller ID information, sports sensors monitoring your heart rate during exercise, as well as medical devices. The Medical Devices Working Group is also creating a medical devices profile and associated protocols to enable this market.

The main contributor to the development of the Wibree standard is the Norwegian company Nordic Semiconductor. [16]

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)