BlueSmack is a Denial of Service attack against Bluetooth-enabled devices. It works like the Ping of Death: it uses the L2CAP layer to send an oversized packet to a Bluetooth-enabled device, resulting in a denial of service.
What is L2CAP?
To understand L2CAP, we need to know a little about the Bluetooth protocol stack.
Bluetooth services use a protocol stack which, for ease of understanding, can be compared to the OSI model of the network protocol stack. The Bluetooth protocol stack consists of the following main layers:
- SDP
- LMP
- L2CAP
- RFCOMM
- TCS
SDP – SDP, or Service Discovery Protocol, is responsible for detecting services provided by other Bluetooth-enabled devices. A Bluetooth-enabled device uses this protocol to keep track of the presence of other Bluetooth-enabled devices within its operating range.
LMP – LMP, or Link Manager Protocol, is responsible for keeping track of connected devices. A Bluetooth-enabled device pairs with other Bluetooth-enabled devices using this protocol.
L2CAP – L2CAP, or Logical Link Control and Adaptation Protocol, provides connectionless and connection-oriented data services to the upper layers of the Bluetooth stack.
RFCOMM – RFCOMM, or Radio Frequency Communication protocol, runs on top of L2CAP and is responsible for providing emulated serial ports to other devices. Because of RFCOMM, a Bluetooth-enabled device can simultaneously connect to up to 60 other Bluetooth-enabled devices.
TCS – TCS, or Telephony Control Protocol, runs on top of L2CAP and provides control of telephony applications.
What is the BlueSmack Attack?
The L2CAP protocol lets a device request and receive an echo from another Bluetooth-enabled peer. This is done through an L2CAP ping, which helps in checking connectivity and the round-trip time of established connections with other Bluetooth-enabled devices.
Every device has a limit on the size of the L2CAP ping. If it receives an L2CAP ping packet that exceeds this limit, it will crash. In a BlueSmack attack, the attacker does exactly that.
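The size limit described above, written as a receiver-side check (an added example, not code from the original page or from BlueZ): the handler validates the L2CAP header lengths and rejects oversized echo data before anything is copied. `ECHO_BUF_SIZE`, the function names and the one-command-per-frame simplification are assumptions, and the sample frames are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CID_SIGNALING 0x0001  /* L2CAP signaling channel (ACL-U) */
#define CODE_ECHO_REQ 0x08    /* L2CAP Echo Request command code */
#define ECHO_BUF_SIZE 44      /* assumed local limit on echo data, in bytes */

enum verdict { ECHO_OK, NOT_ECHO, MALFORMED, TOO_LARGE };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Validate a reassembled L2CAP frame before copying its echo data into
 * out[ECHO_BUF_SIZE]. Assumes one signaling command per frame. */
enum verdict handle_echo(const uint8_t *f, size_t n, uint8_t *out, size_t *out_len)
{
    if (n < 4) return MALFORMED;                    /* no basic L2CAP header */
    if (le16(f + 2) != CID_SIGNALING) return NOT_ECHO;
    if (n < 8) return MALFORMED;                    /* no command header */
    if (f[4] != CODE_ECHO_REQ) return NOT_ECHO;
    size_t pdu_len = le16(f), data_len = le16(f + 6);
    /* Declared lengths must match the bytes that actually arrived. */
    if (pdu_len + 4 != n || data_len + 4 != pdu_len) return MALFORMED;
    /* Enforce the local size limit before the copy, never after. */
    if (data_len > ECHO_BUF_SIZE) return TOO_LARGE;
    memcpy(out, f + 8, data_len);
    *out_len = data_len;
    return ECHO_OK;
}

/* Constructed test input: fills buf with an echo request carrying data_len
 * filler bytes while declaring `declared` bytes; returns the frame size. */
size_t sample_frame(uint8_t *buf, uint16_t data_len, uint16_t declared)
{
    uint16_t pdu = (uint16_t)(declared + 4);
    uint8_t hdr[8] = { (uint8_t)pdu, (uint8_t)(pdu >> 8), 0x01, 0x00,
                       CODE_ECHO_REQ, 0x01, (uint8_t)declared, (uint8_t)(declared >> 8) };
    memcpy(buf, hdr, 8);
    memset(buf + 8, 'A', data_len);
    return (size_t)data_len + 8;
}

int main(void)
{
    uint8_t frame[1024], out[ECHO_BUF_SIZE];
    size_t got = 0;
    printf("20-byte echo: %d\n", handle_echo(frame, sample_frame(frame, 20, 20), out, &got));
    printf("600-byte echo: %d\n", handle_echo(frame, sample_frame(frame, 600, 600), out, &got));
    return 0;
}
```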
How do attackers perpetrate the BlueSmack Attack?
The BlueSmack attack can be perpetrated with standard tools that ship with the official Linux BlueZ utils package.
The l2ping tool, which ships with the standard distribution of the BlueZ utils, allows the user to specify the packet length of the L2CAP ping using the -s <number> option. Many devices start reacting at packet sizes of 600 bytes and above.
How to prevent the BlueSmack Attack?
- Turn off Bluetooth on devices when it is not in use.
- Configure the Bluetooth device to use the lowest power that meets your needs. For example, Class 3 devices transmit at 1 mW and cannot communicate beyond 10 meters, while Class 1 devices transmit at 100 mW and cannot communicate beyond 100 meters. Adjusting power does not eliminate the possibility of an outsider attack, but it can reduce the possibility to a great extent.
- Do not permanently store the pairing PIN code on Bluetooth devices.