Flaw found in Toshiba wireless device driver

By Bill Brenner, Senior News Writer 16 Oct 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Attackers could exploit a flaw in Toshiba's Bluetooth wireless device driver to cause a denial of service or run malicious code on victims' machines, researchers at SecureWorks have discovered.

Bluetooth wireless technology is used for short-range data communications between electronic devices. While this flaw specifically affects Toshiba's Bluetooth wireless device driver, Atlanta-based SecureWorks said in an advisory that the flaw affects multiple vendors who use the technology in their wireless products, including Dell Computers, Sony [in its VAIO notebooks], ASUS Computers and possibly others.

Attackers could compromise the Toshiba device driver using specially crafted Bluetooth packets, causing memory corruption and system crashes. From there, they could run malicious code at the highest privilege level on a victim's machine, SecureWorks said.

An attacker would need to be within approximately 10 meters of the victim to pull off an exploit. The attacker would also need the Bluetooth address of the victim's device. Bluetooth addresses are easily enumerated through active scanning if the device allows discovery, the advisory noted.

The problem was discovered by SecureWorks Senior Researcher David Maynor and vulnerability researcher Jon "Johnny Cache" Ellch, who made headlines in August with a presentation on wireless card threats at the Black Hat USA 2006 conference in Las Vegas.

In an interview Monday, Maynor said the Toshiba problem is an offshoot of the threat he and Ellch demonstrated at Black Hat.

"The information we presented at Black Hat led to the discovery of this vulnerability," Maynor said. "And we did note in the presentation that the problem could affect Bluetooth."

Toshiba did not immediately respond to an interview request, but Maynor said the vendor has made a fix available for all Bluetooth stacks. Users can access the security updates from the Toshiba Bluetooth Web site. Dell has made the updates available on its support site as well.

To reduce the risk of future Bluetooth attacks, SecureWorks recommended users set their devices to non-discoverable mode during normal operations.

In general, Maynor said, wireless device drivers were not developed with security in mind. He said the goal of the Black Hat presentation was to get other vendors and independent researchers to start looking for device driver flaws so they could be fixed before it's too late.

"Since device drivers were never designed with security in mind, you can still find common flaws people would have otherwise thought to be extinct," Maynor said. "If we had done more to prevent spam 10 years ago, it wouldn't be such a big problem today. We want to fix the device driver problems now so it's not a huge problem in the future."

Fortunately, he said, researchers and vendors alike have responded positively.

Tags: Handheld and Mobile Device Security Best Practices,  Denial of Service (DoS) Attack Prevention,  Security Patch Management,  Smartphone and PDA Viruses and Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Handheld and Mobile Device Security Best Practices How to prevent mobile phone spying Unified communications: Securing a converged infrastructure RIM patches serious BlackBerry Attachment Service flaws How secure are iPhone App Store mobile applications? Is there a spy on my mobile device? Mobile phones win during Pwn2Own contest Latest Apple iPhone features prompt security concerns Apple iPhone app could boost two-factor What Obama's Blackberry means for mobile device security SMS mobile worm attacks Symbian smartphones Handheld and Mobile Device Security Best Practices Research Denial of Service (DoS) Attack Prevention How to prevent DDoS attacks on websites How to prevent network denial-of-service attacks What are 'phlashing' attacks? Could someone place a rootkit on an internal network through a router? Black Hat 2007: Estonian attacks were a cyber riot, not warfare Can smurf attacks cause more than just a denial of service? Experts doubt Russian government launched DDoS attacks Can service providers prevent DDoS attacks? Metasploit Framework 3.0 released Go Daddy investigates source of attack Denial of Service (DoS) Attack Prevention Research Security Patch Management Adobe fixes critical Shockwave Flash Player flaw Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates Adobe issues first quarterly patch release fixing 13 flaws Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Adobe shifts to Microsoft patching process, incident response plan Software delivery could fix software patching issues Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw Firefox update addresses several security flaws

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Electrohippies Collective  (SearchSecurity.com) packet monkey  (SearchSecurity.com) pulsing zombie  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary