Exploiting buffer overflows over Bluetooth: the BluePass tool

Mobile devices enable users to have ubiquitous access to resources and perform purchases, payments, authentication, storage. Furthermore, short range networks, as Bluetooth, are going to introduce new application paradigms, varying from identification based on mobile device to m-payments. The mobile...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Second IFIP International Conference on Wireless and Optical Communications Networks, 2005. WOCN 2005 s. 66 - 70
Hlavní autor: Gianluigi Me
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: IEEE 2005
Témata:
Application software
Authentication
Bluetooth
Buffer overflow
Credit cards
Embedded system
Performance evaluation
Privacy
Security
System testing
ISBN:0780390199, 9780780390195
ISSN:1811-3923
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Mobile devices enable users to have ubiquitous access to resources and perform purchases, payments, authentication, storage. Furthermore, short range networks, as Bluetooth, are going to introduce new application paradigms, varying from identification based on mobile device to m-payments. The mobile device, becoming a personal trust device (PTD) can replace every ID card and credit cards, preserving the privacy and confidentiality requested by customers. For this reason is not acceptable any kind of unexpected or unsafe failure. Since many embedded systems don't include a security framework and are vulnerable to buffer overflow attacks they can represent the weakest link in the business model security chain. Furthermore, embedded systems often use proprietary drivers, whose code is not inspectable: thus it's important to perform tests generating all the inputs, looking for protocol-related or application failures. This paper, after presenting the threats to Bluetooth application in embedded systems, focusing on layer 2 and above DoS attacks, presents a easy-to-use testing application to preserve the safe failures before software application deployment.
ISBN:0780390199
9780780390195
ISSN:1811-3923
DOI:10.1109/WOCN.2005.1435990