James Middleton

January 23, 2007

1 Min Read
Bluetooth falls foul of another hack attack

A posting to the Full Disclosure security listserv on Tuesday reveals another Bluetooth-based potential security threat to mobile devices. The exploit relies on a crude denial of service (DOS) attack on discoverable Bluetooth devices.

Using USSP-PUSH, a program that sends files as OBEX object exchange requests from a Linux-based Bluetooth stack, security researchers made a standard Bluetooth dongle generate a very large number of OBEX requests to every Bluetooth device it detected.

The result is a denial of service attack that occurs on three fronts – either the target’s Bluetooth stack fails to keep up with the number of requests, the operating system fails to process them, or the user cannot reject them quickly enough.

With one dongle, the hackers successfully disabled three mobile phones simultaneously. They demonstrated the attack on a Sony Ericsson K700i, Nokia N70, Motorola RAZR V3, Sony Ericsson W810i and LG Chocolate KG800.

Armin Hornung, a student at the University of Washington and co-discoverer of the bug, said he “expects nearly all available phones with Bluetooth to be vulnerable”.

As with essentially all Bluetooth attacks, the countermeasures are simple. Turn the Bluetooth client off unless it is being used and you will be protected against all Bluejacking/Bluesnarfing/Toothing/whatever exploits. If Bluetooth is being used, do not leave it in discoverable mode once the pairing has been made.

About the Author(s)

James Middleton

James Middleton is managing editor of telecoms.com | Follow him @telecomsjames

You May Also Like