Motorola PEBL U6 and V600 name spoofing

motorola-peblu6-v600-name-spoofing (25402) The risk level is classified as LowLow Risk

Description:

Motorola PEBL U6 and Motorola cellular phones could allow a remote attacker to spoof the device name, caused by improper handling of incoming connections to the Headset Audio Gateway. A remote attacker could send a specially-crafted request containing new line characters from a Bluetooth device on channel 3 to spoof the device name that is displayed in the security dialogs and possibly convince the victim to accept an incoming connection. A remote attacker could exploit this vulnerability to obtain sensitive information.


Consequences:

Obtain Information

Remedy:

No remedy available as of September 4, 2010.

References:

  • Full-Disclosure Mailing List, Tue Mar 21 2006 - 17:33:19 CST: DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack'.
  • BID-17190: Motorola Bluetooth Interface Dialog Spoofing Vulnerability
  • CVE-2006-1365: The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain AT level access to the target device, by initiating and interrupting an OBEX Push Profile that pretends to send a vCard, aka a HeloMoto attack.
  • CVE-2006-1367: The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones does not require pairing for a connection related to the Headset Audio Gateway service, which allows user-assisted remote attackers to obtain AT level access and view phonebook entries and saved SMS messages by connecting on Bluetooth channel 3 and tricking the user into pressing Grant, aka a Blueline attack. NOTE: while user-assisted, the attack is made more feasible because of a GUI misrepresentation issue that allows a default message to be replaced by an attacker-specified one.
  • SA19319: Motorola Cellular Phones Security Dialog Spoofing Vulnerability
  • VUPEN/ADV-2006-1045: Motorola Phones Buffer Overflow and Security Dialog Spoofing Vulnerabilities

Platforms Affected:

  • Motorola Motorola PEBL U6
  • Motorola Motorola V600

Reported:

Mar 22, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page