BlueSmack

BlueSmack is a Bluetooth attack that knocks out some Bluetooth-enabled devices immediately. This Denial of Service attack can be conducted using standard tools that ship with the official Linux Bluez utils package.

Introduction

The 'Ping of Death' is basically a network ping packet that used to knock out early versions of Microsoft Windows 95. The BlueSmack is the same kind of attack buit transferred in to the Bluetooth world. On the L2CAP layer there is the possibility to request an echo from another Bluetooth peer. As for the ICMP ping, the idea of the L2CAP ping (echo request) is also to check connectivity and to measure roundtrip time on the established link.

Method

Basically, the l2ping that ships with the standard distribution of the BlueZ utils allows the user to specify a packet length that is sent to the respective peer. This is done by meas of the -s <num> option. Many (many) iPaqs react immidiately beginning with a size of about 600 bytes.

People Involved

For questions about the BlueSmack attack, feel free to ask Adam Laurie, Marcel Holtmann or Martin Herfurt.