[ mainpage :: register :: conference :: training :: the venue ]
[ capture the flag (CTF) :: hitb cinema :: lock picking village :: zone-h/hitb hacking challenge :: bzflag ]
[ call for papers (CFP) :: conference agenda :: sponsors :: press/media :: forum ]
[ conference kit (PDF) :: past conferences :: contact us ]

Conference Materials: http://conference.hitb.org/hitbsecconf2007kl/materials/

Official Photos: http://photos.hitb.org

Dino Covotsos (Managing Director, Telspace Systems)

Filed under: Main Page — Administrator @ 9:30 pm

Presentation Title: Hacking the Bluetooth Stack for Fun, Fame and Profit
Presentation Details:

Enhancements in cellular technology and mobile computing in recent years has lead to the availability of affordable and powerful mobile devices. Where before cellular phones where relegated only to the business class and other members of the upper-echelon of society, today they are deemed a necessity and have become so cheap in comparison to phones of years past that almost anybody can own one.

One of these enhancements is definitely the Bluetooth specification, which allows for the creation of short range wireless personal area networks. In recent years however, it has come to light that various flaws exist in certain Bluetooth implementations. Our paper aims at demystifying these vulnerabilities. Amongst other things it will include the procedures involved in bluesnarfing, the potential hazards of bluejacking as well as the backdooring of mobile devices. We will also be demonstrating the tools and techniques used in accomplishing the above listed attacks.

A breakdown of what will be on display is as follows:

  • Bluesnarfing - A demonstration video will be made available, showing how restricted phone data such as phonebooks and international mobile equipment identities can be harvested from vulnerable phones.
  • A derivative of the bluesnarfing is the bluesnarf++ attack. Where normal bluesnarfing exploits the object exchange’s push profile daemon, the bluesnarf++ attack targets the object exchange’s file transfer profile, effectively giving attackers full access to any data stored on the device if successful.
  • Gaining access to a phones AT command set via RFCOMM channels allows attackers to make phone calls, send and read sms’s and more, depending on the make and model of the phone being targeted. Also known as a bluebug attack, it has caused a stir recently when it was discovered that victim’s phones were being used to call premium-rate numbers.
  • Backdooring a mobile device via Bluetooth involves hiding the device - be it a laptop or another mobile device - from the targets paired devices register. This technique can be used to enhance bluesnarfing attacks.

    About Dino

  • Dino Covotsos is the Founder and Managing Director of Telspace Systems, a South African IT security firm which started business in 2002. Mr. Covotsos has many years of experience in the IT security industry and has been involved in many different large scale projects worldwide, ranging from vulnerability assessment to attack and penetration testing for corporate clients. Mr.Covotsos uses his hands on knowledge to help secure corporate networks in new and unique ways and has also written articles for various magazines in the IT and Government sector specifically on information security issues.



    Event Organizer


    Hack In The Box (M) Sdn. Bhd.

    Supported & Endorsed By


    Malaysian Communications and Multimedia Commission (MCMC)


    Malaysian Administrative Modernisation & Management Planning Unit

    Platinum Sponsors


    Microsoft Corporation

    Gold Sponsors


    SCANIT ME LLC

    Official Airline Partner


    Internet Bandwidth Sponsor


    Global Transit

    CTF Sponsor


    Scan Associates

    CTF Prize Sponsor


    Scan Associates

    Sponsor for Zone-H/HITB Hacking Challenge


    Ascendsys

    HITB Cinema Sponsor


    Avenuz Sdn. Bhd.

    Official Creation Station


    The Womb.com

    Our Speakers are Supported By


    F-Secure Corporation


    Arbor Networks


    Mediaservice.net


    Bellua Asia Pacific


    ERNW GmbH


    Mozilla Corporation


    Mu Security

    Supporting Media:

    Virus Bulletin

    Virus Bulletin (VB)

    InfoSec News

    (ISN) InfoSec News

    InfoSec News

    XAKEP (Russia)

    Insecure Magazine

    PHRACK Magazine

    Hakin9 Magazine

    Supporting Organizations


    Chaos Computer Club


    ISECOM - Insititue for Security and Open Methodologies


    ISACA


    IT Underground


    X-Focus China

    Zone-H Defacement Mirror


    Xatrix Security


    Special Interest Group in Security & Information InteGrity Singapore


    Syscan