Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15811
HistoryJan 24, 2007 - 12:00 a.m.

Bluetooth DoS by obex push

2007-01-2400:00:00
vulners.com
22
JSON

Hello,

during a course project studying security and privacy related to
Bluetooth, we discovered a simple but effective DoS attack using OBEX push.

Using ussp-push [1], it is possible to send out files very quickly. By
continuously trying to push a ?le, the target is ?ooded with prompts
whether to accept the ?le or not, which disables any other usage on the
phone, including the ability to turn off Bluetooth.
We confirmed the attack to work on the following phones:

  • Sony Ericsson K700i
  • Nokia N70
  • Motorola MOTORAZR V3
  • Sony Ericsson W810i
  • LG Chocolate KG800

and expect nearly all available phones with Bluetooth to be vulnerable
(in contrary to the previous DoS by l2ping).

A proof-of-concept code is attached (plain text), using ussp-push and
targeting a known MAC. This could be easily extended to target all
visible devices.
Plus, a user could be forced to accept a possibly malicious file with
this attack. Using only one Bluetooth-Dongle, we were able to
practically disable three phones simlutaneously.

Best regards,
Stefan Ekerfelt and Armin Hornung

[1] http://www.xmailserver.org/ussp-push.html

JSON