[ISN] Vendor Claims Hackers Can Hijack Hotspot Authentication
InfoSec News
isn at c4i.org
Fri Jun 18 04:57:02 EDT 2004
http://www.mobilepipeline.com/showArticle.jhtml?articleID=22100402
[Slow day at the Integralis Security Labs? Read their advisory,
and I'm sure you will agree that social engineering one of the
employees would be considerably easier than trying to abuse three
separate technologies just to score free Hotspot airtime. - WK]
By Mobile Pipeline News
June 17, 2004
A security flaw in some implementations of Bluetooth enables hackers
to easily steal Wi-Fi hotspot authentication information, a U.K.
security firm said Thursday.
According to security integrator Integralis, the Bluetooth flaw is
exploited when users sign up for hotspot access using SMS text
messaging, a method allowed by a variety of hotspot providers. The
Bluetooth security flaw enables nearby hackers to intercept the SMS
message containing log-on information as it travels between the user
and the hotspot vendor, according to the company.
The company issued a security advisory [1] this week about the
problem. The company said it found the potential problem exists with
a variety of operators including Cingular in the U.S., and T-Mobile
and Vodafone in Europe.
For example, T-Mobile enables its voice users to send an SMS message
to a specific number containing the word "open." The company then
sends a message back to the user with log-on information. The victim
will be billed for all the unauthorized access while detection of the
attack is virtually impossible, according to Integralis.
The company said the attack can be automated and accomplished in under
a minute. It said it had no evidence that such attacks have actually
occurred.
The company suggested users first check to see if their phones are
vulnerable by accessing a separate security advisory it previously
issued. It also suggested that users check for firmware updates for
their phones, switch off Bluetooth visible mode and, if possible,
not use Bluetooth in public places.
[1] http://www.integralis.co.uk/about_us/press_releases/2004/150604SA.html