Message-ID: <45B65C72.6080509@cs.washington.edu>
Date: Tue, 23 Jan 2007 11:05:22 -0800
From: Armin Hornung <hornung@...washington.edu>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Bluetooth DoS by obex push [CORRECTED]

Sorry for some trouble with the last mail, I have corrected the text
(there were some possibly unreadable characters in it) and the
attachment is plain text now.


Hello,

During a course project studying security and privacy related to
Bluetooth, we discovered a simple but effective DoS attack using OBEX push.

Using ussp-push [1], it is possible to send out files very quickly. By
continuously trying to push a file, the target is flooded with prompts
whether to accept the file or not, which disables any other usage on the
phone, including the ability to turn off Bluetooth.
We confirmed the attack to work on the following phones (all tested ones!):

- Sony Ericsson K700i
- Nokia N70
- Motorola MOTORAZR V3
- Sony Ericsson W810i
- LG Chocolate KG800

and expect nearly all available phones with Bluetooth to be vulnerable
(contrary to the previous DoS by l2ping).

A proof-of-concept code is attached, using ussp-push and targeting a
known MAC. This could be easily extended to target all visible devices.
Plus, a user could be forced to accept a possibly malicious file with
this attack. Using only one Bluetooth-Dongle, we were able to
practically disable three phones simultaneously.

Best regards,
Stefan Ekerfelt and Armin Hornung

[1] http://www.xmailserver.org/ussp-push.html

View attachment "obex_dos" of type "text/plain" (500 bytes)
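
Seen from the receiving device, the flood described in this message is a stream of OBEX push requests from one sender, each raising an accept/reject prompt. The sketch below is an added example, not part of the original post or its attachment: it shows a per-sender prompt throttle that stops raising prompts once a sender exceeds a limit. The class name, thresholds and device addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 60.0      # sliding window for counting prompts (assumed value)
MAX_PROMPTS = 3      # prompts shown per sender per window (assumed value)
BLOCK_S = 300.0      # silent-reject period once the limit is hit (assumed value)


class PushPromptThrottle:
    """Decides whether an incoming OBEX push request may raise a user prompt."""

    def __init__(self, window_s=WINDOW_S, max_prompts=MAX_PROMPTS, block_s=BLOCK_S):
        self.window_s = window_s
        self.max_prompts = max_prompts
        self.block_s = block_s
        self._recent = defaultdict(deque)   # sender -> timestamps of shown prompts
        self._blocked_until = {}            # sender -> time the block expires

    def on_push_request(self, now, sender):
        """Return 'prompt' to ask the user, or 'reject' to refuse without UI."""
        if self._blocked_until.get(sender, 0.0) > now:
            return "reject"
        shown = self._recent[sender]
        while shown and now - shown[0] >= self.window_s:
            shown.popleft()                 # forget prompts outside the window
        if len(shown) >= self.max_prompts:
            self._blocked_until[sender] = now + self.block_s
            shown.clear()
            return "reject"
        shown.append(now)
        return "prompt"


def replay(events, throttle=None):
    """Run (timestamp, sender) events through a throttle; return decisions."""
    throttle = throttle or PushPromptThrottle()
    return [throttle.on_push_request(t, s) for t, s in events]


# Constructed sample: one sender pushing every 2 s, one legitimate single push.
FLOODER = "00:11:22:33:44:55"   # constructed address
FRIEND = "66:77:88:99:AA:BB"    # constructed address
SAMPLE = [(float(t), FLOODER) for t in range(0, 20, 2)] + [(21.0, FRIEND), (400.0, FLOODER)]

if __name__ == "__main__":
    for (t, s), d in zip(SAMPLE, replay(SAMPLE)):
        print(f"{t:6.1f}s {s} -> {d}")
```

With the throttle in place the user sees at most three prompts from the flooding sender, the UI stays usable, and a push from another device is still offered normally.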
