DoS Attacks on Cellphones via Bluetooth

There are plenty of methods to render a cellphone totally useless nowadays, but I stumbled upon another, even “better” one, which was discovered last night. The method involves the use of a Bluetooth dongle and, as the people who have already used it say, that single dongle has been able to completely disable three different cellphones at a time.

The security researchers that discovered this Denial of Service attack usable against mobile phones have said that the procedure uses OBEX push requests. OBEX is an abbreviation of the term Object EXchange (aka IrOBEX) and it is a communications protocol which facilitates the exchange of binary objects between devices.

The DoS attack uses the GNU GPL-licensed ussp-push OBEX object pusher for Linux, which supports Bluetooth name resolution and direct access to remote Bluetooth listening channels. As the Full Disclosure list statement says: “Using ussp-push it is possible to send out files very quickly. By continuously trying to push a OBEX, the target is flooded with prompts whether to accept the OBEX or not, which disables any other usage on the phone, including the ability to turn off Bluetooth”.

Furthermore, “a user could be forced to accept a possibly malicious file with the attack. Using only one Bluetooth-Dongle, we were able to practically disable three phones simultaneously”.
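The flood works because every incoming push raises its own accept prompt. As an added example (not from the report or from any phone vendor's code), here is a receiver-side gate that shows at most one prompt at a time and temporarily ignores a peer that exceeds a request rate. The class name, thresholds and Bluetooth addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class PushPromptGate:
    """Hypothetical receiver-side gate: decides if an OBEX push may raise a prompt."""

    def __init__(self, max_requests=3, window_s=30.0, block_s=300.0):
        self.max_requests = max_requests    # pushes tolerated per peer per window
        self.window_s = window_s
        self.block_s = block_s              # how long a flooding peer is ignored
        self._recent = defaultdict(deque)   # peer address -> recent request times
        self._blocked_until = {}            # peer address -> block expiry time
        self._prompt_open = False           # at most one prompt on screen

    def on_push(self, peer, now):
        """Return 'prompt', 'reject' (silent) or 'block' (peer blocked just now)."""
        if self._blocked_until.get(peer, 0.0) > now:
            return "reject"
        recent = self._recent[peer]
        while recent and now - recent[0] > self.window_s:
            recent.popleft()                # forget requests outside the window
        recent.append(now)                  # count every request, shown or not
        if len(recent) > self.max_requests:
            self._blocked_until[peer] = now + self.block_s
            recent.clear()
            return "block"
        if self._prompt_open:
            return "reject"                 # never stack prompts over each other
        self._prompt_open = True
        return "prompt"

    def on_prompt_closed(self):
        self._prompt_open = False

def replay(events, gate=None):
    """Replay (time, kind, peer) events; return the decision for each push."""
    gate = gate or PushPromptGate()
    decisions = []
    for now, kind, peer in events:
        if kind == "close":
            gate.on_prompt_closed()
        else:
            decisions.append(gate.on_push(peer, now))
    return decisions

# Constructed trace: one peer floods, the user dismisses the single prompt,
# another peer sends one file later, and the block on the first peer expires.
FLOODER, OTHER = "AA:AA:AA:AA:AA:01", "BB:BB:BB:BB:BB:02"   # constructed addresses
TRACE = [(t, "push", FLOODER) for t in (0.0, 0.2, 0.4, 0.6, 0.8)] + [
    (5.0, "close", None), (6.0, "push", FLOODER), (100.0, "push", OTHER),
    (110.0, "close", None), (400.0, "push", FLOODER)]
```

Because requests are counted even while a prompt is open, the flooding peer is blocked after its fourth push and the user only ever has one dialog to dismiss.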

The report also mentions the phones vulnerable to this Bluetooth DoS attack: the Sony Ericsson K700i, the Nokia N70, Motorola RAZR V3, Sony Ericsson W810i and the LG Chocolate KG800.

Softpedia