Bluetooth flaw allows DoS attack

A flaw has been identified in the Bluetooth stack which could allow a denial of service attack that destroys the ability to link devices.

The flaw was reported on the Bugtraq mailing list by Spanish security consultant Hugo Vázquez Caramés and details have been forwarded to the Bluetooth organising body.

"The vulnerability is a simple denial of service that can be reproduced with the l2ping Linux tool," said Caramés.

"Due to the nature of 'ping' in the Bluetooth protocol, where a connection must be established, and the limited amount of connections that [standard] Bluetooth stacks can manage, a simple ping flood with l2ping can inhibit Bluetooth on many devices.

"The device then cannot do a device discovery, and other devices cannot connect to it."

The attack works by flooding the device with pings, taking up all available requests in the stack. The target device will then stop trying to make connections and may need to be rebooted in order to work properly.

Nokia has already recognised the problem and produced a software tool that protects its users from any attacks. The potentially affected Nokia models include the 6310, 6310i, 6650, 8910 and 8910i mobile phones, the Nokia 610 car kit phone, and the Nokia 810 car phone.

"Even though Nokia believes the real security risk is very small, we are introducing a software upgrade to ensure security in Bluetooth devices in the above mentioned phone models," said the company in a statement.

"To get an upgrade, owners of the above mentioned phone models may contact the Nokia Customer Care Line in your home country or an authorised Nokia Service Point."