Description
The proliferation of Bluetooth in the mobile phone and PDA industries has, unfortunately, brought with it a corresponding surge of security issues and problems. Since the initial "BlueSnarfing" attacks in 2003, there have been a constant trickle of new issues, as each new generation of device hits the market, some with far-reaching consequences for the potential victims.
This course will bring you up to date with all the currently known issues, providing detailed background information and techniques, as well as tools for the auditing of Bluetooth devices for vulnerability to attack.
The instructors of this course have been the leading pioneers in highlighting Bluetooth security issues, and work closely with the industry to help find and eliminate problems, as well as bringing them to the public's attention by speaking at major security conferences worldwide, such as DEFCON, Black Hat and Chaos Communications Congress.
More information on their work can be found at http://www.trifinite.org, the home of the Trifinite Group.
Description
1 day course, consisting of a short lecture and demonstrations, followed by hands-on installation of tools and instruction in their use.
Prerequisites
Students coming into this course must know how to configure a linux kernel.
Prerequisite material
Students should bring a laptop with a Bluetooth dongle (for best results, we recommend a Cambridge Silicon Radio (CSR) based dongle, as some of the test tools are chip manufacturer dependant). A live CD will be provided, but students wishing to set up their laptop for ongoing Bluetooth auditing should have Linux version 2.6.10 or greater pre-installed.
Martin Herfurt
Martin Herfurt is the founder of the trifinite.group. He completed his Telecommunications Engineering Degree at the Salzburg University of Applied Sciences and Technologies in 2001. Alongside his study Martin was involved in numerous industry projects, providing him with commercial programming practice. In 2000 Martin followed up his formal study with a four-month internship at the telecommunications institute of TELCOT institute in San Ramon, California, USA. Since the second half of 2000 Martin has been working as a full time researcher at an Austrian Research facility. His project responsibilities there were ranging from the co-ordination of a European IST project with a total budget of over 5 million Euro to software agents development. Together with a colleague, Martin began giving a class on mobile data services at the Salzburg University of Applied Sciences and Technologies in the summer of 2003. In February 2004, Martin discovered a major security loophole in several popular cellphones which is referred to as BlueBug in the media. As part of his fascination with the rapid development in computer programming Martin has become a regular participant in the Chaos Communication Congress which is a yearly meeting of the German hacker association CCC.
Marcel Holtman
Marcel Holtmann is the maintainer and the core developer of the official Linux Bluetooth stack which is called BlueZ. He started working with the Bluetooth technology back in 2001. His work includes new hardware drivers, upper layer protocol implementations and the integration of Bluetooth into other subsystems of the Linux kernel. In January 2004 he overtook the maintainer role from the original developer Max Krasnyansky. Together with Jean Tourrilhes he maintains the OpenOBEX project. He is also responsible for the IrDA and Bluetooth integrations of the Gnokii project.