New Bluetooth attack disables phones

By | January 22, 2007

Security researchers discovered a new technique to launch Denial-of-Service attack against mobile phones. The new DoS attack uses Bluetooth to flood the mobile device with OBEX push requests.

Details about the vulnerability were posted on the full-disclosure list: “Using ussp-push, it is possible to send out files very quickly. By continuously trying to push a OBEX, the target is flooded with prompts whether to accept the OBEX or not, which disables any other usage on the phone, including the ability to turn off Bluetooth”.

“Plus, a user could be forced to accept a possibly malicious file with the attack. Using only one Bluetooth-Dongle, we were able to practically disable three phones simultaneously.”

The following mobile phones are vulnerable to the attack: Sony Ericsson K700i, Nokia N70, Motorola RAZR V3, Sony Ericsson W810i and LG Chocolate KG800.

Leave a Reply