Bluejacking is a method of sending messages to other Bluetooth-enabled devices such as phones, laptops, among others while remaining anonyms. Pranksters usually use this technique in public spaces like restaurants, coffee shops and other places of public gathering.
Bluejacking technique is non-specific, meaning that there is no set target. It is instead a trial and error mechanism, where a prankster, to annoy people, sends messages (either in text, audio/video or in image format) to those who are in the vicinity and have the Bluetooth on their devices turned on.
Usually, a prankster sends messages like ‘How is your coffee/food’ or ‘Hi there! You are looking pretty in that dress’, to see the shocking and confusing look on that person’s face, for genuine amusement. The person, on the other hand, feels that someone is surveilling them.
Also read: Should you also be taping your webcam?
How does Bluejacking work?
Bluejacking works in the following simple steps.
- Select a place with a large gathering of people.
- Create a new contact in your address book.
- Enter the message that you want to share in the contact name and save it.
- Now send the new contact via Bluetooth.
- You will receive the ‘card sent’ message on your phone, and the target will receive a Bluetooth share message.
Is Bluejacking harmful?
No. Bluejackjng is not harmful. Although annoying, it is only intended for the amusement of the attacker and for pranking people. However, another technique called Bluesanrfing, which uses a similar method, can be harmful as it is used to steal data and personally identifiable information from the victim’s device.
Bluesnarfing: What is it and how does it work
Adam Laurie of AL Digital security firm and Marcell Holtmann independently discovered the Bluesnarfing attack in November and September 2003 respectively. In a Bluesnarfing attack, the device’s data, which includes entire phonebook, calendar, emails and even the IMEI number, is stolen through Bluetooth pairing — unknown to the victim.
To perform Bluesnarfing attack, the hacker needs to connect to the OBEX Push Profile, which does not require authentication. OBEX stands for Object Exchange and is a communication protocol that is used to transfer bits of information from one device to another in a wireless environment. OBEX protocol is maintained by the Infrared Data Association and is adopted by Bluetooth Special Interest Group and others.
In Bluesnarfing, the hacker takes advantages of the vulnerabilities present in the OBEX protocol. A hacker then pairs his device with the victim’s device, and if the firmware on the victim’s device isn’t adequately secured, the hacker gains access to the victim’s device and can steal the data using OBEX GET request. In a GET request, the client asks for a file from the server and the server, in turn, presents the client with the desired file.
Various Bluesnarfing tools and utilities can be found on Dark Web and other underground stores. Data stolen from such attacks can also be found in dark web marketplaces.
How to counter the attacks?
To counter Bluetooth-based attacks, you can follow the measures below.
- Disable Bluetooth in public locations.
- Keep Bluetooth in invisible mode.
- Regularly update the device.
- Block or ignore unknown devices.
- Keep a strong password and periodically changing it.
By following the above measures, you can protect your device from Bluetooth-based attacks.