BlueSnarf Revisited: OBEX FTP Service Directory Traversal
نویسندگان
چکیده
As mobile operating systems reach the same level of complexity of computer operating systems, these may be affected by the same vulnerabilities and may be subject to the same kind of attacks. Bluetooth provides connectivity to a mobile phone but this network can also be used as a channel to deploy attacks and access its resources, such as personal information, confidential files or the possibility of making phone calls and consume the user’s balance. When the first attacks to early Bluetooth mobile phones came up, manufacturers were forced to raise awareness about Bluetooth and make improvements in the security of the implementation. In spite of the improvements, we introduce a multi-platform vulnerability for mobile phones that allows a remote attacker to list arbitrary directories, and read and write arbitrary files via Bluetooth. Our experience shows that the attack can be performed in a real environment and it may lead to data theft.
منابع مشابه
Naviz: User Behavior Visualization of Dynamic Page
Navigational behavior of website visitors can be extracted from web access log files with data mining techniques such as sequential pattern mining. Visualization of the discovered patterns is very helpful to understand how visitors navigate over the various pages on the site. Currently several web log visualization tools have been developed. However those tools are far from satisfactory. They d...
متن کاملTaint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Range of Attacks
Policy-based confinement, employed in SELinux and specification-based intrusion detection systems, is a popular approach for defending against exploitation of vulnerabilities in benign software. To be effective, this approach requires the development of accurate application-specific security policies, which is a difficult task. Even if sufficient resources and expertise are expended for policy ...
متن کاملFTPGrid: A New Paradigm for Distributed FTP System
FTP is one of the most important applications on the Internet. This paper introduces a new paradigm for distributed FTP system called FTPGrid, which consists of a collection of FTP servers that work cooperatively and serve all FTP clients. FTPGrid adopts client/grid architecture. FTP clients connect to one server and access all resources in the grid. Some key issues such as resource directory a...
متن کاملMFTPM: Maximum Frequent Traversal Pattern Mining with Bidirectional Constraints
An important application of sequential mining technique is maximal frequent traversal pattern mining, since users’ traversal pattern and motivation are latent in session sequence at some time segment. In this paper, a Frequent Traversal Pattern Tree structure with dwell time (FTP-Tree) is designed to store, compress the session database, and simplify the configuration of dwell time thresholds d...
متن کاملNaviz : Website Navigational Behavior Visualizer
Navigational behavior of website visitors can be extracted from web access log files with data mining techniques such as sequential pattern mining. Visualization of the discovered patterns is very helpful to understand how visitors navigate over the various pages on the site. Currently several web log visualization tools have been developed. However those tools are far from satisfactory. They d...
متن کامل