Page 2 of 2 FirstFirst 12
Results 16 to 29 of 29

Rather than accusing him of being wrong and not validating it, why don't you post ... IT & Business Pros forum

  1. #16
    Amigotek's Avatar
    Amigotek no está en línea Stack Professional
    Join Date
    Mar 2007
    PIN/ID
    21D7B3C6
    Posts
    1,569

    Advertisement



    Rather than accusing him of being wrong and not validating it, why don't you post links to the white papers you mention.

    Zo.
    ~via BB (wap.pinstack.com)~

  2. #17
    mrmoe's Avatar
    mrmoe no está en línea Stack level 3
    Join Date
    Feb 2008
    PIN/ID
    Ask
    Posts
    367
    Do your own Research & Google ! =]
    Of all the things I lost, I miss my mind the most.
    | The DarkSide of PinStack | FAQ | Downloads |

  3. #18
    Amigotek's Avatar
    Amigotek no está en línea Stack Professional
    Join Date
    Mar 2007
    PIN/ID
    21D7B3C6
    Posts
    1,569
    I have and according to the sources I have found top be reliable there hasn't been a documented trojan on a bb device. Those sources include programmers for government level firewalls along with blackberry reps, techs, and engineers.

    Zo
    ~via BB (wap.pinstack.com)~

  4. #19
    untjoker's Avatar
    untjoker no está en línea Stack level 3
    Join Date
    Jul 2006
    Posts
    405
    Quote Originally Posted by Amigotek View Post
    Rather than accusing him of being wrong and not validating it, why don't you post links to the white papers you mention.

    Zo.
    ~via BB (wap.pinstack.com)~
    #1 He's right. There are trojans for BB's, just because it hasn't hit the news wire doesn't mean it's not a real thing. #2, google it and you'll see plenty of information on it. Now it's nowhere near the point where you are going to have to install Anti-V's on your Curve, but it is in fact possible. Everyone needs to stop treating mrmoe like some crackpot Defcon attendee. Now I do agree that the mobile hacking article the poster mentioned is worthless for us BB users, but the trojan on a blackberry premise is in fact going to be a problem in the future if people keep putting their heads in the sand.......
    Yes, I've been diagnosed with Phantom Vibration Disorder.....

  5. #20
    kingrykku27's Avatar
    kingrykku27 no está en línea Stack level 4
    Join Date
    Aug 2007
    PIN/ID
    2444409C
    Posts
    568
    ~via BB (wap.pinstack.com)~

    Reddog have you so quickly forgotten?

    http://blackberryforums.pinstack.com...ased_week.html

  6. #21
    Toddboy71's Avatar
    Toddboy71 no está en línea Device Pro
    Join Date
    Jan 2006
    PIN/ID
    T o' Bee
    Posts
    2,384
    Quote Originally Posted by mrmoe View Post
    This is strictly wrong and irresponsible of you reddog187. There are plenty of white papers that have been written that address BB trojans. You are not given those folks ( ethical hacking community) credit and recognition. WRONG !!!
    Why should I give these worthless dregs of human existence "credit and recognition"? They are as evil as the drug dealers, murderers, and child molesters that sit in the 8x10's. Harsh? Sure. But they cost me just as much as the other previously mentioned criminals do in tax dollars. Just my $.02.

  7. #22
    3CISS's Avatar
    3CISS no está en línea Stack level 2
    Join Date
    Oct 2007
    Posts
    26

    Several threats

    There are a few threats that any phone with Bluetooth face:

    1. Bluesnarfing is attacking the Bluetooth device, usually a phone, to rip out information. Hackers can obtain phonebooks, calendars and stored SMS messages. Such is the case with the Paris Hilton and Fred Durst incidents.


    2. Bluetracking is tracking a person's movement by tracking their Bluetooth device. All Bluetooth devices have a unique address, similar to a MAC address on computer network cards. By using special sensors or antennas you can see where a particular Bluetooth device pops up and record a person's movement.


    3. Bluebugging involves sending executable commands to the Bluetooth device. With the proper software, you could secretly turn on a phone and make it call you. Why is this important? You have just turned the phone into a listening device that can record without your target knowing it.

    Blackberry has taken steps to prevent attacks on their devices, but the fact remains that any device is only as secure as it's set up to be. If you simply turn on Bluetooth and forget about the other settings like 'allow address book transfer' etc.., then you can only be upset at one person when your information is compromised--->yourself.
    r00ted MT4G
    CBC

    Helpful links
    UMA setup guide |

  8. #23
    reddog187's Avatar
    reddog187 no está en línea Stack Moderator
    Join Date
    Dec 2006
    PIN/ID
    STACK
    Posts
    8,907
    Wow you guys are taking this a little personal.

    As pertaining to the orginal topic of the thread. Which is Bluetooth Hacking. This is NOT POSSIBLE. Unless you allow random people to pair to your BB.

    As for the other security that is all server side. Hacking the Server is completely different than the device itself. And yes please show me some creditable links. This is a discussion and it would give credit to your side of the discussion. Other than saying Google it.

    @mrmoe
    And how am I irresponsible, just because I won't give them credit? I'll give them credit when credit is due. I'm just curious why you're sticking up for them? Anyways believe what you would like.

  9. #24
    3CISS's Avatar
    3CISS no está en línea Stack level 2
    Join Date
    Oct 2007
    Posts
    26
    Actually, as mentioned above, it is possible to pair with an improperly configured phone with Bluetooth on. By default, many phones are programmed to allow pairing with no prompts. This was originally done by most mobile phone manufacturers because a large portion of the public didn't know how or care to learn how to configure their devices to prevent such intrusion. And the fact still remains today (computer security is my profession and is not simply limited to computers), that a LARGE percentage of the public does not know how to configure their devices to be secure. It is extremely easy for me to sit downtown with my laptop and some software (unnamed), and not only gain access to many cell phones running unsecured bluetooth connections, but also 'rip' their address books and more from their phones without their knowledge. Now with the proliferation of phones (such as my 8320) sporting WiFi, this technique becomes easier, as now these phones connect over wireless networks. This is where Evil Twin Cloning can steal every packet of information to and from your WiFi enabled phone. You'd be blown away at the number of unsecured wireless networks out there.

    Go ahead and leave your phone on default and connect to that easy WiFi spot at Starbucks........you might be the next victim of ID theft. Just ask Paris Hilton!
    r00ted MT4G
    CBC

    Helpful links
    UMA setup guide |

  10. #25
    untjoker's Avatar
    untjoker no está en línea Stack level 3
    Join Date
    Jul 2006
    Posts
    405
    Amen brother. The simple fact that the password for 99.9 percent of bluetooth devices is "0000" should help the non-believers....and let's not even get into wireless security as a whole
    Quote Originally Posted by 3CISS View Post
    Actually, as mentioned above, it is possible to pair with an improperly configured phone with Bluetooth on. By default, many phones are programmed to allow pairing with no prompts. This was originally done by most mobile phone manufacturers because a large portion of the public didn't know how or care to learn how to configure their devices to prevent such intrusion. And the fact still remains today (computer security is my profession and is not simply limited to computers), that a LARGE percentage of the public does not know how to configure their devices to be secure. It is extremely easy for me to sit downtown with my laptop and some software (unnamed), and not only gain access to many cell phones running unsecured bluetooth connections, but also 'rip' their address books and more from their phones without their knowledge. Now with the proliferation of phones (such as my 8320) sporting WiFi, this technique becomes easier, as now these phones connect over wireless networks. This is where Evil Twin Cloning can steal every packet of information to and from your WiFi enabled phone. You'd be blown away at the number of unsecured wireless networks out there.

    Go ahead and leave your phone on default and connect to that easy WiFi spot at Starbucks........you might be the next victim of ID theft. Just ask Paris Hilton!

  11. #26
    mrmoe's Avatar
    mrmoe no está en línea Stack level 3
    Join Date
    Feb 2008
    PIN/ID
    Ask
    Posts
    367
    Quote Originally Posted by Toddboy71 View Post
    Why should I give these worthless dregs of human existence "credit and recognition"? They are as evil as the drug dealers, murderers, and child molesters that sit in the 8x10's. Harsh? Sure. But they cost me just as much as the other previously mentioned criminals do in tax dollars. Just my $.02.
    Because they save you more than just tax dollars. But thats just my $.02.

  12. #27
    mrmoe's Avatar
    mrmoe no está en línea Stack level 3
    Join Date
    Feb 2008
    PIN/ID
    Ask
    Posts
    367
    Quote Originally Posted by reddog187 View Post
    Wow you guys are taking this a little personal.

    As pertaining to the orginal topic of the thread. Which is Bluetooth Hacking. This is NOT POSSIBLE. Unless you allow random people to pair to your BB.

    As for the other security that is all server side. Hacking the Server is completely different than the device itself. And yes please show me some creditable links. This is a discussion and it would give credit to your side of the discussion. Other than saying Google it.

    @mrmoe
    And how am I irresponsible, just because I won't give them credit? I'll give them credit when credit is due. I'm just curious why you're sticking up for them? Anyways believe what you would like.
    Because we should.... However, Lets agree, that no one here is an expert on security. and that all is well in Wonderland.

  13. #28
    ted's Avatar
    ted
    ted no está en línea Stack level 4
    Join Date
    Jun 2006
    PIN/ID
    N/A
    Posts
    506
    ~via BB (wap.pinstack.com)~ Mmmmmmm, interesting topic. I do agree with Reddog there MrMoe, could you site your sources for the BB Trojans? If you are indeed wanting to make us aware of what you perceive to be a credable threat, why not be more open.

    Otherwise you still sound like chicken litte to me. I've heard my fair share of conspiracy theories, so I'm always skeptical without more evidence.

    So, mrmoe and co, please post something where we can actually see documentation of the threat, or maybe you have something that proves your point more effectively??

    I'll keep a eye out for it.

  14. #29
    ted's Avatar
    ted
    ted no está en línea Stack level 4
    Join Date
    Jun 2006
    PIN/ID
    N/A
    Posts
    506
    Quote Originally Posted by kingrykku27 View Post
    ~via BB (wap.pinstack.com)~

    Reddog have you so quickly forgotten?

    http://blackberryforums.pinstack.com...ased_week.html
    Here's another entry from that linked thread (add a little context to the conversation shall we?):

    before in the news. But I find it curious that he's telling everyone that he's found a security flaw, talked to RIM about it, yet he's going to release the trojan for download next week. So here is a "Security Researcher", pointing out a flaw, then he's going to give the Trojan to everybody that wants to try to exploit the flaw. Not my idea of responsable research, but maybe I just don't understand.He claims that RIM has posted two new documents on their website on this issue, but a search for BBproxy finds no results. There is one new document that addresses Protecting the Device Platform from Malware in the New Documents Listing.Rcbj

    This looks like we're going to be going around for a while on this one.

Page 2 of 2 FirstFirst 12

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •