HeloMoto

The HeloMoto attack has been discovered by Adam Laurie and is a
combination of the BlueSnarf attack and the BlueBug attack.
The attack is called HeloMoto, since it was discovered on Motorola phones.

Method

The HeloMoto attack takes advantage of the incorrect implementation
of the 'trusted device' handling on some Motorola devices. The attacker
initiates a connection to the unathenticated OBEX Push Profile
pretending to send a vCard. The attacker interrupts the sending process
and without interaction the attacker's device is stored in the 'list of
trusted devices' on the victim's phone. With an entry in that list, the
attacker is able to connect to the headset profile without authentication.
Once connected to this service, the attacker is able to take control of
the device by means of AT-commands (as BlueBug).