
Bluetooth DoS by obex push


During a course project studying security and privacy related to Bluetooth, we discovered a simple but effective DoS attack using OBEX push.

Using ussp-push [1], it is possible to send out files very quickly. By continuously trying to push a file, the target is flooded with prompts asking whether to accept the file or not, which disables any other usage on the phone, including the ability to turn off Bluetooth.
We confirmed the attack to work on the following phones:

- Sony Ericsson K700i
- Nokia N70
- Motorola MOTORAZR V3
- Sony Ericsson W810i
- LG Chocolate KG800

and expect nearly all available phones with Bluetooth to be vulnerable (in contrast to the previous DoS by l2ping).

Proof-of-concept code is attached, using ussp-push and targeting a known MAC. This could be easily extended to target all visible devices. Plus, a user could be forced to accept a possibly malicious file with this attack. Using only one Bluetooth dongle, we were able to practically disable three phones simultaneously.

Best regards,
Stefan Ekerfelt and Armin Hornung
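
A receiving-side mitigation for the prompt flood described above, added here as an example (not code from the original post or from any phone vendor): a gate that allows one pending accept prompt at a time and backs off a sender each time its push is declined. The class, its method names, the cooldown values and the sender address are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PushPromptGate:
    """Decides whether an incoming OBEX push request may raise a user prompt."""
    base_cooldown: float = 5.0      # quiet period after the first decline (assumed value)
    max_cooldown: float = 300.0     # upper bound on the backoff (assumed value)
    pending: Optional[str] = None   # sender whose prompt is currently on screen
    blocked_until: dict = field(default_factory=dict)
    strikes: dict = field(default_factory=dict)

    def on_push_request(self, sender: str, now: float) -> str:
        # Only one prompt may be on screen, so the rest of the UI stays reachable.
        if self.pending is not None:
            return "reject-busy"
        # A sender that was recently declined is refused without prompting.
        if now < self.blocked_until.get(sender, 0.0):
            return "reject-cooldown"
        self.pending = sender
        return "prompt"

    def on_user_decision(self, accepted: bool, now: float) -> None:
        sender, self.pending = self.pending, None
        if sender is None:
            return
        if accepted:
            self.strikes.pop(sender, None)
            return
        # Each declined prompt doubles the quiet period for that sender.
        strikes = self.strikes.get(sender, 0) + 1
        self.strikes[sender] = strikes
        cooldown = min(self.base_cooldown * 2 ** (strikes - 1), self.max_cooldown)
        self.blocked_until[sender] = now + cooldown


def simulate_flood(duration: float = 60.0, interval: float = 0.5, react: float = 1.0) -> dict:
    """Constructed scenario: one sender pushes every `interval` s; the user declines after `react` s."""
    gate, counts = PushPromptGate(), {"prompt": 0, "reject-busy": 0, "reject-cooldown": 0}
    sender, t, decide_at = "00:11:22:33:44:55", 0.0, None   # constructed address
    while t < duration:
        if decide_at is not None and t >= decide_at:
            gate.on_user_decision(accepted=False, now=t)
            decide_at = None
        verdict = gate.on_push_request(sender, t)
        counts[verdict] += 1
        if verdict == "prompt":
            decide_at = t + react
        t += interval
    return counts
```

The per-sender cooldown keys on the Bluetooth address, so a sender that changes its address between attempts is bounded only by the one-pending-prompt rule.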

