Exploiting buffer overflows over Bluetooth: the BluePass tool

Mobile devices enable users to have ubiquitous access to resources and perform purchases, payments, authentication, storage. Furthermore, short range networks, as Bluetooth, are going to introduce new application paradigms, varying from identification based on mobile device to m-payments. The mobile...

Full description

Saved in:
Bibliographic Details
Published in:Second IFIP International Conference on Wireless and Optical Communications Networks, 2005. WOCN 2005 pp. 66 - 70
Main Author: Gianluigi Me
Format: Conference Proceeding
Language:English
Published: IEEE 2005
Subjects:
Application software
Authentication
Bluetooth
Buffer overflow
Credit cards
Embedded system
Performance evaluation
Privacy
Security
System testing
ISBN:0780390199, 9780780390195
ISSN:1811-3923
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Mobile devices enable users to have ubiquitous access to resources and perform purchases, payments, authentication, storage. Furthermore, short range networks, as Bluetooth, are going to introduce new application paradigms, varying from identification based on mobile device to m-payments. The mobile device, becoming a personal trust device (PTD) can replace every ID card and credit cards, preserving the privacy and confidentiality requested by customers. For this reason is not acceptable any kind of unexpected or unsafe failure. Since many embedded systems don't include a security framework and are vulnerable to buffer overflow attacks they can represent the weakest link in the business model security chain. Furthermore, embedded systems often use proprietary drivers, whose code is not inspectable: thus it's important to perform tests generating all the inputs, looking for protocol-related or application failures. This paper, after presenting the threats to Bluetooth application in embedded systems, focusing on layer 2 and above DoS attacks, presents a easy-to-use testing application to preserve the safe failures before software application deployment.
ISBN:0780390199
9780780390195
ISSN:1811-3923
DOI:10.1109/WOCN.2005.1435990