RE: Infrared Vulns on laptops

From: Brewis, Mark (mark.brewis@eds.com)
Date: Mon Aug 11 2003 - 14:12:56 EDT


Larry,

There isn't much out there about IrDA vulnerabilities and hacking, other
than hacking Furbies, or getting your laptop to programme your video.

The IR protocol is unicast, so it won't talk to another IrDA device once a
connection has been made to a particular device. It will drop and restart
if a connection between one device is lost and another created.

Under Windows (including CE) the IrDA connection can be configured so that
the user has to accept an incoming data transfer. I've had patchy luck
getting phones and PDA's to talk under Linux, so someone better versed
should comment on that, but I seem to remember it was much the same.

Unless the user has actually enabled and is running the IrDA interface then
it isn't possible to send anything to a user. Good security practice is
therefore to enable it only when it is needed, and to have it prompt you to
accept anything. A user has to consciously send information to another
device. I doubt it would be easy to write a trojan to enable the IrDA port
and send information out on an ad hoc basis.

There aren't many tools out there to even try and play with IrDA. Ethereal
will sniff the interface on a PC (sniffing your own data), and there are
specific IR sniffers for Linux, e.g.,

http://www.linuxselfhelp.com/HOWTO/Infrared-HOWTO/infrared-howto-s-sniffer.h
tml

I haven't tried that one, but have used the irda-utils,
irda-utils-0.9.15.tar.gz, from Sourceforge,

http://sourceforge.net/project/showfiles.php?group_id=5616

There are also some specialist tools for Palms,

http://mcl.cs.byu.edu/noframes/research.html

The very short range of IrDA (I know what the standards say, but you are
lucky if it works at more than a few inches in my experience,) the unicast
nature and the ability to require user intervention in accepting a
connection all mitigate the risk to a very low level.

If someone is exploiting IrDA, it is almost certainly someone coming out of
a Phreaking background, who is a dab hand with a soldering iron and has some
esoteric programming skills. I reckon the risk is quite low, although I'd
be happy to hear from anyone who can prove me wrong!

Hope this helps,

Mark

Mark Brewis

Security Consultant
EDS
Information Assurance Group
Wavendon Tower
Milton Keynes
Buckinghamshire
MK17 8LX.

Tel: +44 (0)1908 28 4234/4013
Fax: +44 (0)1908 28 4393
E@: mark.brewis@eds.com

This email is confidential and intended solely for the use of the
individual(s) to whom it is addressed. Any views or opinions presented are
solely those of the author. If you are not the intended recipient, be
advised that you have received this email in error and that any use,
dissemination, forwarding, printing, or copying of this mail is strictly
prohibited.

Precautions have been taken to minimise the risk of transmitting software
viruses, but you must carry out your own virus checks on any attachment to
this message. No liability can be accepted for any loss or damage caused by
software viruses.

---------------------------------------------------------------------------
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT