[转载]bluetooth device security database
信息来源:<A href="http://www.betaversion.net/btdsd/">[url]http://www.betaversion.net/btdsd/[/url]</A><BR><BR><STRONG>Introduction:</STRONG><UL>There are many different types of bluetooth devices like mobile phones, PDAs or printers which provide many different services. Each manufacturer has a different view of security which leaves us in a great field of different security vulnerabilitys on wireless devices. This site is dedicated to change this in that form that it trys to provide a database with all needed information like manufacturer/device/revision/services/security_measures. Also the project trys to provide a list of security testing/analysis software special for bluetooth devices, this also includes proofs of concept implementations for discovered vulnerabilitys to show that a particular threat really is exploitable. </UL><B>News:</B>
<UL>
<LI>[Apr. 18. 2005] many additions to the database
<LI>[Jan. 22. 2005] additions to the database
<LI>[Jan. 09. 2005] added more documents and a cool hack (using obexftp to grab the T610 address book) check download section
<LI>[Dec. 27. 2004] check out <A href="http://trifinite.org/trifinite_stuff_blueprinting.html">BluePrinting</A> a Bluetooth device fingerprinting tool.
<LI>[Oct. 21. 2004] addition to the database
<LI>[Sep. 27. 2004] addition to the database
<LI>[Sep. 20. 2004] btdsd is on a new server after being 4 days down
<LI>[July 25. 2004] some additions to the database
<LI>[June 01. 2004] release of bt_audit (see below)
<LI>[Apr 08. 2004] more additions to the database
<LI>[Apr 05. 2004] more additions to the database
<LI>[Feb 25. 2004] some new additions to the database
<LI>New version of PSM scan, now supports raw sockets for detailed information on the PSM status
<LI><A href="http://heise.de/newsticker/data/dab-16.12.03-002/">heise.de</A> reports security flaw in D-Link Bluetooth access point
<LI>I'm going to the <A href="http://www.ccc.de/congress/2003/">20th Chaos Communication Congress</A> 27-29 Dec. 2003 Berlin Germany, I hope to get some additions into the database thru this event </LI></UL><B>Mailing list:</B>
<UL>The <B>btdsdlist</B> is a place to discuss bluetooth security related topics (like bug announcements etc...). Currently the list is only very very low volume, just subscribe.<BR><BR><A href="http://www.betaversion.net/mailman/listinfo/btdsdlist">btdsdlist's Mailman interface</A> here you can subscribe, unsubscribe or browse the archive<BR></UL><B>Documentation:</B>
<UL><A href="http://www.bluetooth.org/">Bluetooth Official Site</A><BR><A href="http://sourceforge.net/projects/bluez/">BlueZ the Linux Bluetooth stack</A><BR><A href="http://www.irda.org/standards/specifications.asp">IRDA (OBEX/IrMC)</A><BR><A href="http://www.holtmann.org/papers/bluetooth/saimba_slides.pdf">small presentation on Bluetooth Security (German)</A> very good (it's a basic read)<BR><A href="http://www.bluestumbler.org/">bluestumbler.org</A> Bluetooth security<BR><A href="http://www.phenoelit.de/stuff/CCCamp_FtR_2003.pdf">Phenoelit on Embedded Systems Security (HP Printers and Siemens S55)</A> very good<BR><A href="http://www.heise.de/mobil/bluetooth/db/">a general Bluetooth device database</A> (by heise in German only!)<BR><A href="http://agentsmith.salzburgresearch.at/BlueSnarf/">Bluesnarfing @ CeBIT 2004</A><BR><A href="http://cansecwest.com/csw04/csw04-Whitehouse.pdf">@stake on Bluetooth security (Apr. 2004)</A><BR><A href="http://securityresponse.symantec.com/avcenter/venc/data/epoc.cabir.html">Cabir - the first mobile phone virus/worm for Series 60 (Symbian), spreads of Bluetooth</A> (link to Symantec)<BR><A href="http://www.pentest.co.uk/documents/wicon_2004.pdf">Pentest Ltd., Bluetooth vulnerabilities, Fact and Fiction</A><BR><A href="http://www.pentest.co.uk/documents/bt_dongle_mod/bt_dongle_mod.html">Pentest Ltd., Modifying a Bluetooth dongle for an external antenna</A><BR><A href="http://www.pentest.co.uk/documents/ptl-2004-03.html">Pentest Ltd., on security holes in Windows Bluetooth stack from Widcomm</A><BR><A href="http://www.socalwug.org/media/1mile-bluetooth-g4techtv-091604.rm">1.5 Mile BlueSnarf Video from G4TechTV (Flexilis people and a few others)</A><BR><A href="http://www.trifinite.org/">the trifinite group</A> bluetooth security research<BR><A href="http://www.giac.org/practical/GCIA/Scott_Renna_GCIA.pdf">Scott Renna on Bluetooth vulnrabilities</A><BR><A href="http://student.vub.ac.be/~sijansse/2e%20lic/BT/welcome.html">Sil Janssens - Bluetooth security link collection and Master Thesis</A><BR></UL><B>Tools:</B>
<UL><B>Local:</B>
<UL><A href="http://www.betaversion.net/btdsd/download/bt_audit-0.1.tar.gz">bt_audit</A> (v0.1) small bluetooth audit suit containing psm_scan, rfcomm_scan and a script for generating database entries for btdsd<BR><A href="http://www.betaversion.net/btdsd/download">general download section</A> current, old and mirrored stuff<BR></UL><BR><B>OfSite:</B>
<UL><A href="http://www.saftware.de/bluetooth/btxml.c">Bluetooth phone book dumper (Linux BlueZ)</A> for Nokia 6310i and some Ericssons, NO PAIRING needed, compile with: gcc btxml.c -o btxml -lbluetooth, it simply uses GSM AT commands over a RFCOMM connection, thanks Obi!<BR><A href="http://www.atstake.com/research/tools/info_gathering/#redfag">@stake Redfang</A> find non-discoverable devices<BR><A href="http://bluesniff.shmoo.com/">bluesniff</A><BR><A href="http://www.pentest.co.uk/cgi-bin/viewcat.cgi?cat=downloads§ion=01_bluetooth">btscanner</A> information gethering<BR><A href="http://www.mulliner.org/palm/bluespam.php">BlueSpam for PalmOS</A> a btOBEX spammer<BR><A href="http://trifinite.org/trifinite_stuff_blueprinting.html">BluePrint</A> Bluetooth fingerprinting (like nmap is for TCP/IP)<BR></UL></UL><B>Contact:</B>
<UL>btdsd(AT)betaversion.net<BR></UL><B>About:</B>
<UL>Who is behind btdsd?<BR><BR>Currently it's only me <A href="http://www.mulliner.org/collin/">Collin Mulliner</A>, but I'm looking for volunteers to help, this should be a community project anyway!</UL>
页:
[1]