Blueper is a tool designed to abuse Bluetooth file transfer. It uses ussp-push to transfer files from one device to another. The design of this tool provides several possible end results. One is the annoyance of continual file transfer request popups on the remote device. Another is to write data to a remote device's disk without user interaction. It can even lock up or crash some devices.

When messing around with file uploads on one of my PDAs, I noticed that the files were being cached before I was prompted to download the file. I decided to test if this effect would cascade, i.e. whether it would keep caching files without my interaction. And to my surprise, that's what it did. I let the file uploads run till the disk was full on the device and found that the device could no longer operate properly with such limited disk space. I was unable to find where the cached files were located and had to do a factory reset to get it up and running again.

So the basics of the attack involve uploading files to a cache without end-user interaction. If the attack goes on long enough, the user could be forced to reset their device. It should be noted that this only works on a select number of devices. If the upload hangs without transferring data, that generally means the end user has to accept the transfer before the file is cached.



Name: blueper-0.4.tar.gz
Size: 4.5 KB
MD5: 23865e0bcb89239b68f57996ad7ff3f4



v0.4 - 07/08/09 :
- removed debug output
- fixed "make clean"

v0.3 - 07/07/09 :
- Fixed problem with Channel for targeting all devices in range.
- Randomized number appended to remote filename.
- I changed some of the flags.
- Added "install" to make script

v0.2 - 04/20/2009 :
- Moved from shell script to C binary. Added file generation capability.

v0.1 - 03/15/2009 :
- Initial Release

