Bluejacking - Anatomy and Threat Prevention


Modern communication devices, including laptop computers, cellular phones and digital assistants, are often equipped with transceivers for short-distance wireless communication using the Bluetooth protocol. Using Bluetooth, people can, among other things, exchange their electronic business cards in the vCard format. Bluejacking is the sending of unsolicited messages to Bluetooth-enabled devices, mostly in the form of vCards.

The term Bluejacking has a strong connotation of hijacking a Bluetooth device, which it definitely is not. Rather than hacking a Bluetooth-enabled device, Bluejacking is used for sending flirt messages and for guerrilla marketing purposes. It can be doubted whether Bluejacking is a successful strategy, however, as many users tend to think that something is wrong with their electronic device when they receive an unsolicited message.

Bluejacking is usually relatively harmless, but a number of programs exist to systematically find open Bluetooth devices and send them unsolicited messages, in a spam-like manner if you will. And there are, of course, the hackers who try to tap or hack your Bluetooth-enabled phone, for example. This is called Bluesnarfing and is much more dangerous.

As a best practice against Bluejacking, it is recommended to keep your device’s Bluetooth port disabled in general and to switch to “discoverable” mode only selectively when needed. If your device permits, you may want to set it to automatically lock down Bluetooth after a certain period of inactivity, e.g. 60 seconds. If you decide to leave Bluetooth permanently turned on, then you may want to consider securing the Bluetooth connection with a PIN or password, such as the one found in Windows Mobile 5.0 Pocket PC, for example.
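The same recommendations can be checked on a Bluetooth-equipped Linux laptop. The following is an added example, not part of the original article: it assumes a host running the BlueZ stack and audits the text of its /etc/bluetooth/main.conf against the 60-second window suggested above. The sample configurations are constructed for illustration.

```python
import configparser

MAX_SECONDS = 60  # inactivity window suggested in the article

# Constructed samples in the style of BlueZ /etc/bluetooth/main.conf.
WEAK_CONF = """\
[General]
DiscoverableTimeout = 0
PairableTimeout = 0
[Policy]
AutoEnable = true
"""
HARDENED_CONF = """\
[General]
DiscoverableTimeout = 60
PairableTimeout = 60
[Policy]
AutoEnable = false
"""

def audit_bluez_conf(text, max_seconds=MAX_SECONDS):
    """Return a list of findings for settings that keep Bluetooth exposed."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep key case as written in the file
    cfg.read_string(text)
    findings = []
    for key in ("DiscoverableTimeout", "PairableTimeout"):
        raw = cfg.get("General", key, fallback=None)
        if raw is None:
            findings.append(f"{key}: not set, daemon default applies")
            continue
        try:
            seconds = int(raw)
        except ValueError:
            findings.append(f"{key}: not a number ({raw!r})")
            continue
        if seconds == 0:  # 0 disables the timer in BlueZ
            findings.append(f"{key}: 0 means the mode never times out")
        elif seconds < 0 or seconds > max_seconds:
            findings.append(f"{key}: {seconds}s is outside 1..{max_seconds}s")
    auto = cfg.get("Policy", "AutoEnable", fallback=None)
    if auto is None or auto.strip().lower() != "false":
        findings.append("AutoEnable: adapter may power on automatically")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_bluez_conf(conf) or "no findings")
```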

However, a PIN or password won’t stop Bluesnarfers, who will try to crack your secret, unless, perhaps, your device has been configured to lock the connection for a predefined period of time after a number of unsuccessful connection attempts. Therefore, disabling Bluetooth ports remains the most effective protection against Bluesnarfing.

Depending on your type of Bluetooth-enabled device and its use, you may want to consider additional means of beefing up Bluetooth security, for instance installing mobile phone antivirus software to protect you from attacks against your Bluetooth settings.
