Penetration Testing mailing list archives
Re: Legality of blue tooth hacking
From: Cedric Blancher <sid () rstack org>
Date: Thu, 16 Mar 2006 08:25:35 +0100
Le mercredi 15 mars 2006 à 13:48 +0000, mht3 () earthlink net a écrit :
At a recent Cisco security product meeting, I observed a security practice director outside snarfing phone numbers and addresses from the various people who were attending the meeting. He got up and presented the information saying there was no law preventing him from snarfing information. I seem to recall attending a conference a while back where the laws regarding this type of blue tooth snarfing was discussed.
In France, law says breaking (or trying to) into an "automated information processing system" is illegal without owner consent. In this case, the phone is clearly an "automated information processing system" and this guy is stealing informations without user consent. It's as well illegal to enter and/or maintain into such a system without owner content, and so is dowloading and/or altering data. Not speaking of the fact we're speaking of personal data, that can raise special legal aspects in some situations. So, from many aspects, it's illegal. Period. From a more technical point of vue, bluesnarfing[1][2] relies on exploiting improper OBEX implementations, what basicly is called exploiting a flaw. Thus, if this would be legal, then exploiting any random flaw would be as well !? I don't even see how the illegality of bluesnarfing could be questionnable... [1] http://trifinite.org/trifinite_stuff_bluesnarf.html [2] http://trifinite.org/trifinite_stuff_bluesnarfpp.html -- http://sid.rstack.org/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE CanSecWest Practical WiFi (in)Security Master Dojo: http://cansecwest.com/dojowifi.html ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/forms/ec.php?pubid=10025 And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com ------------------------------------------------------------------------------
Current thread:
- Legality of blue tooth hacking mht3 (Mar 15)
- Re: Legality of blue tooth hacking Cedric Blancher (Mar 16)
- Re: Legality of blue tooth hacking Paul Robertson (Mar 16)
- Re: Legality of blue tooth hacking Tim Hurman (Mar 16)
- <Possible follow-ups>
- RE: Legality of blue tooth hacking Shenk, Jerry A (Mar 16)
- RE: Legality of blue tooth hacking Craig Wright (Mar 16)
- RE: Legality of blue tooth hacking Chris Dalton (Mar 16)
- RE: Legality of blue tooth hacking Craig Wright (Mar 16)
- RE: Legality of blue tooth hacking Cedric Blancher (Mar 18)
- Message not available
- RE: Legality of blue tooth hacking Mark Teicher (Mar 19)
- RE: Legality of blue tooth hacking Mark Teicher (Mar 20)
- Message not available