Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Red-Ms Bluetooth Server Vulnerable

    By
    Dennis Fisher
    -
    June 5, 2002
    Share
    Facebook
    Twitter
    Linkedin

      Security researchers have identified numerous flaws in the Bluetooth short-range wireless access points sold by Red-M Communications Ltd., the most serious of which could compromise the administration password.

      @stake Inc., a security research and consultant firm in Cambridge, Mass., discovered the six vulnerabilities in Red-Ms 1050AP, which is the only server on the market that supports access by multiple Bluetooth clients.

      Although Bluetooth has been in existence for several years, vendors have been slow to produce devices that support it. Designed mainly for linking desktop and notebook computers to peripherals such as cell phones and headsets, some advocates have touted the protocol as a more secure alternative to 802.11b.

      But, security experts say, Bluetooth gear is not immune from many of the same design flaws that have resulted in security problems for wired and other wireless networks.

      “The design and implementation issues havent been resolved because [Bluetooth networks] rely on corporate networks to be secure,” said Ollie Whitehouse, director of security architecture and team leader of @stakes Wireless Security Center of Excellence, which discovered the flaws. “We suffer from the same problems in the wireless world as in the wired world. Theyre common programming issues as opposed to Bluetooth issues.”

      The companys advisory is due to be published Wednesday.

      Red-M, based in Bucks, England, responded to @stakes discoveries by saying that the attacks and vulnerabilities the researchers identified would result from the access point being installed on a poorly secured wired network. However, Red-M has fixed the denial-of-service flaws in a recent firmware upgrade and plans to address the others in its next update, due in August.

      Whitehouse said that none of the vulnerabilities or attacks his team identified was very difficult to find or execute.

      “Its not going to take someone with a high level of intellect to exploit these,” he said. “We spent a total of two weeks on this.”

      Potentially the most damaging vulnerability is a flaw in the TFTP server that ships with the 1050AP. The server, which is used for configuration backups and firmware updates, cannot be disabled and an attacker could use it to launch a UDP-based attack to crack the administrative password, according to Whitehouse. Combined with the fact that the devices password is case insensitive and can be no longer than 16 characters, this vulnerability gives an attacker an effective way of cracking the administrative password.

      The 1050AP also has a vulnerability in its management session state storage capability that is susceptible to several different attacks. When a user logs into the Web interface with the administrative password, the device does not send a cookie, session ID or any authentication data to the client, nor does the client send any to the server. Instead, the server remembers until the session times out or the user logs out that that particular IP address has been authenticated.

      As a result, a second user coming via the same proxy server can connect to the administrative interface without having to authenticate himself. Or, if the first user connects to the 1050AP through a firewall that does network address translation, any other user behind the same IP address can access the administrative interface as well.

      Also, because the device does not ask for the current password when a user tries to change the administrators password, once hes logged on, an attacker could lock the administrator out of the device, @stake says.

      The Red-M device also broadcasts its name via UDP to a specific broadcast IP address about once a minute, Whitehouse said. Anyone looking to find an access point on a given network would need simply to listen on port 8887, and could easily determine the 1050 APs name, IP address, netmask, serial number and aerial address.

      @stake also identified two separate denial-of-service vulnerabilities in the access point. The flaw in the management Web server simply requires an attacker to enter a long string of characters in the administrative password field, which will generate a connection error and cause the server to die until it is manually restarted. The second such flaw results from an attacker entering an overly long string in the PPP (point to point protocol) username field.

      Red-M officials said they dont see these issues as problems with the 1050AP.

      “The current design philosophy for the 1050AP is that it would be used on a corporate network already secured by implementation of a corporate security policy,” the company wrote in an e-mail response to @stakes advisory. “This should mitigate the risk of attacks from the wired network. We believe that [@stakes advisory] does not demonstrate a practical vulnerability over the wireless interface, as the 1050APs wireless security mechanisms has not been shown to be vulnerable.”

      Related stories:

      • Review: 802.11a 5 Times Faster Than 11b
      • Review: Sizing Up Early Bluetooth Devices
      Dennis Fisher

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×