BlueChop

Jan 2006

1 min read

Bluetooth Classic Security Vulnerability Denial of Service

bluetooth classic security vulnerability denial of service

BlueChop is an attack that the disrupts any established bluetooth piconet by means of a device that is not participating the piconet. A precondition for this attack is that the master of the piconet supports multiple connections (a feature that is necessary for building up scatternets).

Method

In order to BlueChop a piconet, a device that is not participating this piconet spooofs a random slave out of the piconet and contacts the master of the piconet. This leads to confusion of the master’s internal state and disrupts the piconet. This attack is not specific to any device manufacturer and seems to have general validity.

People Involved

For questions about the BlueBump attack, feel free to ask Adam Laurie, Marcel Holtmann or Martin Herfurt.

Martin is an independent security researcher focusing - but not exclusively - on various aspects of product security related to Bluetooth wireless technology. As one of the co-founders of the trifinite.group, Martin worked with the Bluetooth SIG, helping the technology and its adopters overcome early design and implementation issues.

Adam Laurie is Chief Security Officer and a Director of The Bunker Secure Hosting Ltd. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, Dos and CP/M based micro computers as they emerged in the Eighties.

Marcel Holtmann is the maintainer and the core developer of the official Linux Bluetooth stack which is called BlueZ. He started working with the Bluetooth technology back in 2001. His work includes new hardware drivers, upper layer protocol implementations and the integration of Bluetooth into other subsystems of the Linux kernel.