Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-666:BlueSmacking
Attack Pattern ID:666
Version:v3.9
Attack Pattern Name:BlueSmacking
Abstraction:Standard
Status:Draft
Likelihood of Attack:Medium
Typical Severity:Medium
DetailsContent HistoryRelated WeaknessesReports
▼Description
An adversary uses Bluetooth flooding to transfer large packets to Bluetooth enabled devices over the L2CAP protocol with the goal of creating a DoS. This attack must be carried out within close proximity to a Bluetooth enabled device.
▼Extended Description
▼Alternate Terms
▼Relationships
NatureTypeIDName
ChildOfM125Flooding
Nature: ChildOf
Type: Meta
ID: 125
Name: Flooding
▼Execution Flow
Exploit
1.

Flood

An adversary sends the packets to the target device, and floods it until performance is degraded.

Technique
Explore
1.

Scan for Bluetooth Enabled Devices

Using BlueZ along with an antenna, an adversary searches for devices with Bluetooth on.

Technique
Note the MAC address of the device you want to attack.
Experiment
1.

Change L2CAP Packet Length

The adversary must change the L2CAP packet length to create packets that will overwhelm a Bluetooth enabled device.

Technique
An adversary downloads and installs BlueZ, the standard Bluetooth utility package for Linux.
▼Prerequisites
The system/application has Bluetooth enabled.
▼Skills Required
Low

An adversary only needs a Linux machine along with a Bluetooth adapter, which is extremely common.

▼Resources Required
▼Indicators
Performance is degraded or halted by incoming L2CAP packets.
▼Consequences
ScopeLikelihoodImpactNote
AvailabilityN/AUnreliable ExecutionResource ConsumptionN/A
Scope: Availability
Likelihood: N/A
Impact: Unreliable Execution, Resource Consumption
Note: N/A
▼Mitigations
Disable Bluetooth when not being used.
When using Bluetooth, set it to hidden or non-discoverable mode.
▼Example Instances
▼Related Weaknesses
IDName
CWE-404Improper Resource Shutdown or Release
ID: CWE-404
Name: Improper Resource Shutdown or Release
▼Taxonomy Mappings
Taxonomy NameEntry IDEntry Name
ATTACK1498.001Network Denial of Service: Direct Network Flood
ATTACK1499.001Endpoint Denial of Service: OS Exhaustion Flood
Taxonomy Name: ATTACK
Entry ID: 1498.001
Entry Name: Network Denial of Service: Direct Network Flood
Taxonomy Name: ATTACK
Entry ID: 1499.001
Entry Name: Endpoint Denial of Service: OS Exhaustion Flood
▼Notes
▼References
Reference ID: REF-655
Title: What is BlueSmack Attack?
Author: Amrita Mitra
Publication:
Publisher:The Security Buddy
Edition:
URL:https://www.thesecuritybuddy.com/bluetooth-security/what-is-bluesmack-attack/
URL Date:2021-06-11
Day:08
Month:03
Year:2017
Details not found