Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Bluetooth SIG Denial of Service vulnerability

from [hugo] Network Security [Permanent Link]
Subject: Bluetooth SIG Denial of Service vulnerability
Date: 12 Jun 2005 09:33:22 -0000 
The next D.o.S. can be reproduced "at home", with a simple laptop. A bluettoth 
enabled PDA can reach same results.

1) D.o.S. to the bluetooth device

Many bluetooth device communications can be totally inhibited simply by sending 
a ping-flood to the device from a linux laptop with bluetooth connectivity.

To reproduce:

# l2ping -f <bluetooth_address>


At the time of this writing, tested devices are:

- -Nokia 7650 (Symbian 6.0)
- -Nokia 6600        (Symbian 7.0)
- -Siemens  V55
- -Motorola  S55
- -Conceptronic (CBTU) Bluetooth dongle on Windows 2003 (vulnerable is
 windows BT stack implemetation...)
- -Others...

1) ALL the devices tested are affected by DoS. (connection flood)
2) "Hide-mode protection" behaviour is different in any device/customer. Some
devices can not be connected while in "hide-mode" while on others you can do it.

- - Most affected customer seems to be NOKIA witch is vulnerable to denial od 
seervice, even in hidden mode...

Nokia seems to agree with me in the fact that DoS
exists (they have reproduced it), but they claim that they are following
Bluetooth specifications, so maybe this is a Bluetooth design error...

Quoting a Nokia guy from security-alert__at__nokia.com:

"This DoS seems to be a specification issue which should be handled by 
Bluetooth SIG."

For the complete time-line of ontacts with Nokia and Bluetooth people, check 
this URL:

http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/bt/index.html

Hugo Vázquez Caramés
Infohacking
Barcelona
Spain
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [OpenPKG-SA-2005.010] OpenPKG Security Advisory (openpkg), OpenPKG
Next by Date:  NDSS '06 -- Call for Papers, Karen Seo
Previous by Thread:  [OpenPKG-SA-2005.010] OpenPKG Security Advisory (openpkg), OpenPKG
Next by Thread:  Re: Bluetooth SIG Denial of Service vulnerability, Joshua Davis
Indexes:  [Date] [Thread] [Top] [All Lists]