Description

An adversary uses Bluetooth flooding to transfer large packets to Bluetooth enabled devices over the L2CAP protocol with the goal of creating a DoS. This attack must be carried out within close proximity to a Bluetooth enabled device.

Attack Execution Flow

3

1

Step 1

Explore

[Scan for Bluetooth Enabled Devices] Using BlueZ along with an antenna, an adversary searches for devices with Bluetooth on.
Note the MAC address of the device you want to attack.

Attack Techniques

Note the MAC address of the device you want to attack.

2

Step 2

Experiment

[Change L2CAP Packet Length] The adversary must change the L2CAP packet length to create packets that will overwhelm a Bluetooth enabled device.
An adversary downloads and installs BlueZ, the standard Bluetooth utility package for Linux.

Attack Techniques

An adversary downloads and installs BlueZ, the standard Bluetooth utility package for Linux.

3

Step 3

Exploit

[Flood] An adversary sends the packets to the target device, and floods it until performance is degraded.

CAPEC 666 BlueSmacking

Description

Attack Execution Flow

Step 1

Attack Techniques

Step 2

Attack Techniques

Step 3

Mitigations

Disable Bluetooth When Not Being Used.

When Using Bluetooth, Set It To Hidden Or Non-Discoverable Mode.

Consequences

Security Scopes Affected

Potential Impacts

Indicators

Relationships

Parent CAPECs

Related ATT&CK Techniques

Direct Network Flood

OS Exhaustion Flood

CAPEC 666 BlueSmacking

Description

Attack Execution Flow

Step 1

Attack Techniques

Step 2

Attack Techniques

Step 3

Mitigations

Disable Bluetooth When Not Being Used.

When Using Bluetooth, Set It To Hidden Or Non-Discoverable Mode.

Consequences

Security Scopes Affected

Potential Impacts

Indicators

Relationships

Parent CAPECs

Related ATT&CK Techniques

Direct Network Flood

OS Exhaustion Flood

Iscriviti alla newsletter