| Research on Bluetooth security is becoming hotter. In practical applications, we need to effectively detect these vulnerabilities and avoid the disclosure of security information. In this premise, the mission of this thesis is clear:dig the Bluetooth vulnerabilities of smart phones and according the vulnerabilities design a set of software to dig these vulnerabilities on smart phones with symbian or windows Mobile operation system.First this article describes the background and protocol stack of Bluetooth technology and sum up the current mining methods. Then according the features in protocol stack of Bluetooth, combined with the Fuzz method, we found signaling packet header overflow and packet parsing vulnerabilities in L2cap layer, the vulnerabilities based on DOS attack and fixed PIN code, anonymously sending file and the vulnerability of searching for Bluetooth in hidden status vulnerabilities on N95, N72 and HTC P4550. According the vulnerabilities found, we design the vulnerability-digging software for smart phones. At the same time, this thesis presented the modular structure diagram and flowchart, the digging principle for the vulnerabilities. Every module has their own respective functions, and transmits parameters through the interface, and the coupling is low. In detail design phase, this thesis gives data structure as well as key function description. Finally, based on detailed software testing, the research results and some aspects that could be further improved were summed up. The vulnerabilities of Bluetooth found in this thesis have been detected by vulnerability-digging software on smart phones and the software has been used in practical work by some scientific research units. |
PDF Full Text Request