BlueSnarf

The BlueSnarf attack is probably the most famous Bluetooth attack,
since it is the first major security issue related to Bluetooth
enabled devices. BlueSnarf has been identified by Marcel Holtmann
in September 2003. Independently, Adam Laurie discovered the same
vulneralbility in November 2003 posted the issue on Bugtraq and
got in touch with the respective device manufacturers.

Method

In order to perfom a BlueSnarf attack, the attacker needs to connect
to the OBEX Push Profile (OPP), which has been specified for the easy
exchange of business cards and other objects. In most of the cases,
this service does not require authentication. Missing authentication
is not a problem for OBEX Push, as long as everything is implemented
correctly. The BlueSnarf attack connects to an OBEX Push target and
performs an OBEX GET request for known filenames such as 'telecom/pb.vcf'
for the devices phone book or 'telecom/cal.vcs' for the devices calendar
file. (There are many more names of files in the IrMC Specification).
In case of improper implementation of the device firmware, an attacker
is able to retrieve all files where the name is either known or guessed correctly.