What is BlueJacking?
Bluejacking or Bluehacking is a type of hacking that allows the hacker to send an anonymous message to the Bluetooth-enabled gadgets such as mobile phones and laptops within the range. It is an obscure tactic employed to take advantage of the Bluetooth connectivity of your device and spam you with unsolicited messages. It resembles phishing and spam mail attacks on email users.
The Bluejacker sends V-cards to the victim’s device using Bluetooth OBEX communication protocol that facilitates the exchange of binary objects between the connected devices. For example, the OBEX could exchange business cards, images, data, and even some applications. Bluedating or BlueChating is a kind of Bluejacking.
As the name implies, it does not involve hijacking the victim’s device. Instead, the hacker scans with his Bluetooth-enabled gadget and searches for the other devices within the radius, and then sends unsolicited messages to the target devices within the range. It exploits the very basic feature of Bluetooth that allows the devices to send and receive messages to contacts within the radius.
The Bluejacker sends the unsolicited message, and he never has control over the devices at the receiving end. But it is an annoyance. The Bluejacking is entirely different from Bluesnarfing Bluebuging, though they all use Bluetooth as the point of entry to the victim’s device. Bluesnarfing Bluebuging is a harmful attack in which it takes complete control of the victim’s device, and the user loses control over his own device. Bluejacking can be avoided by using hidden, non-discoverable, or invisible modes.
How Bluejacking exploits pairing protocol:
During the pairing protocol, the connected devices exchange information between the Bluetooth-enabled devices to connect, update and synchronize the data. During the process, the devices authenticate each other. The authentication is primarily used to pass communication during the initial handshake phase. The name of the initiating device is displayed on the target device as the sequence of the handshake exchange.
The protocol allows a name field to be passed as a message. It is a critical security issue that can exploit the protocol. And the bluejackers use the initial part of the pairing process in which the exchange of information takes place. In this initial handshaking phase, Bluejacker successfully pairs the target device.
Though it is usually harmless, it is annoying. Bluejacked people usually do not know what is actually happening. They actually think that their phone is malfunctioning. With the latest technology, a bluejacker can not only send text messages, but a hacker can also send images and sounds. It is employed in Guerrilla marketing and advergames. The Blujacker carefully crafts a personal identification with the device and exchanges deceitful text messages as authentication dialogues. Thus he can trick the user and gain access to the victim’s phone book calendar or data saved on his phone.
There are some exclusive websites and portals like BluejackQ dedicated to Bluejackers. Thirteen-year-old Ellie from the UK created the BluejackQ website where people can share their own experiences.
It has the good old stories related to Bluejacking. Besides, it includes the guides and software that bluejackers can use. Though it has guides on how to Bluejack, but they are outdated. Even though most of the basic principles still apply to most of the mobile phones
How are Bluejacking attacks Working?
Though it is not a common practice, it is relatively simple to bluejack a device. Bluejackers prefer areas with high traffic to find many users with Bluetooth-enabled devices. These places include bus terminals, railway stations, airports, Malls, restaurants, and cafes. The Jackers then scan the area for sending anonymous messages.
- First, the Bluejacker finds the Bluetooth-enabled devices in their immediate vicinity or range.
- They pair their device with the victim’s device.
- If they need to authenticate themselves with the password to establish a connection, then they use brute force to find the right one. Then, using it, they establish a connection and pair it with the victim’s device.
- Once paired, they can send spam messages and images.
How to Protect Yourself from BlueJackers?
Bluejacking is just a prank than a threat; it is still good to protect your devices by following good practices.
The following are the best things you have to do to protect yourself from Bluejackers and all other Bluetooth related attacks such as Bluesnarfing, Bluebuging, and Bluejacking:
- First, disable Bluetooth and Airdrop functions when you are not using them.
- If you need to use Bluetooth for extended periods, then protect it with a very strong password. Do not use your default passwords or simple and weak passwords.
- Use randomized numbers, symbols, upper and lower case letters, and special characters for a strong password. Do not use any specific patterns with recognizable words or sequences of numbers and characters. They can be easily cracked the hacking or brute force software.
- If you feel your device is perpetrated, then you need to do “ factory resetting “ of your device.
Is Bluejacking Dangerous?
In practice, it is not dangerous, but it is harmful. Since the hacker is within close proximity of yourself (10 to 15 meters), it is not as high as we thought. However, if the hackers have a wide range of sophisticated software tools, then it may be an increased risk for the victim. It has a very limited range of 10 meters for mobile devices and 100 meters for laptops. Mobile phones use class 2 transmitters, whereas laptops use powerful class 1 transmitters. It does not involve removing or altering any data from the victim’s device. Even though it is not illegal, it is an infringement of the victim’s territory. And it could not access the resources of the recipient device and steal anything.
Code of Ethics followed by Professional Bluejackers:
In addition, there is an unwritten set of rules followed by the Bluejacker community about not disrespecting the targeted victim.
- Unauthorized access to any unknown computer is a punishable offense under the 1990 computer misuse act. Therefore the bluejackers never hack your device.
- They only send royalty-free images.
- The images should not be insulting or inappropriate.
- After the first two messages, if the recipient shows no interest, the Bluejacker will stop sending messages.
- If the recipient shows interest and responds, the Bluejacker can send a maximum of 10 pictures or messages.
- The communication must be stopped if the received feels annoyed
- If a bluejacker is caught red-handed, he must abide by the law and cooperate.
Why is Bluejacking employed?
- It is easy to do
- Lesser cost
- It can penetrate through the firewalls
- It can establish a connection with the receiver without any wires
- Can be used for data transfer and voice
- For community activities
- Viral interactions
- Less secure
- Slow data transfer rate
- Limited range
Some Bluejacking Tools:
Process of BlueJacking:
It was first carried out by a Malaysian IT consultant using his Ericson phone. But unfortunately, he only coined the name Bluejack with the amalgamation of words Bluetooth and Ajack.
- Go to contacts in the phone book. On laptops and personal computers, go to address book or outlook.
- Select the New contact option and create a new contact
- Enter the message in the name field with which you want to bluejack
- Press ok or Deon and save this in the phone book or address book of the laptop
- Now click on the contact created
- Go to the action
- Choose via Bluetooth or send to Bluetooth Option
- Now Use the search option for finding active Bluetooth devices within the proximity and select the device from the list.
- Once selected, the message will be transmitted to the victim’s device.
It is possible and very simple since Bluetooth supports both point-to-point and point to multipoint connections. Generally, a Bluetooth network is called a piconet or small net. Piconets can be established and linked together ad-hoc. Before piconets are created, the devices are in STANDBY mode. In this mode, devices are in STANDBY. An unconnected unit periodically “listens” for messages every 1.28 seconds in this mode.
The bluejacking technique can be used to establish contact with new people. For example, you can send advertisements about a product or a company with the ability. It is used in many fields. It is because there are so many new tools available in the market by which a it can be done. Besides, it is a key for advertising and interacting with a new world. However, there are a few security concerns that can be minimized by taking some simple precautions.
Frequently Asked Questions:
What is Bluetooth?
Bluetooth is a standard wire-replacement communications protocol designed for low power consumption, with a short-range based on low-cost transceiver microchips in electronic devices. Bluetooth technology employs low-powered radio waves of frequency 2.45 GHz. It is also known as the ISM band. It is unlicensed bandwidth allocated for industrial, scientific, and medical devices. Bluetooth Protocol Architecture includes radio, baseband, link manager, logical link control and adaptation (L2CAP), Host Controller Interface (HCI), TCP, SDP, and RFCOMM, with some application layers. This protocol uses a combination of circuit and packet switching to send/receive data between the connected devices.
They use short-range wireless technology standards to exchange data between mobile devices over short distances using UHF radio waves. And they build personal area networks. Its transmission power is limited to 2.5 mill watts, and it can operate to the shortest distance of 10 meters. Bluetooth uses a radio technology called frequency-hopping spread spectrum. It divides data into packets and then transmits each packet on one of 79 designated Bluetooth channels. Each channel has a bandwidth of 1 MHz. It usually performs 1600 hops per second.
What is Guerrilla Marketing?
It is an advertisement strategy in which the advertiser uses surprise or unconventional interaction in order to promote his product and service. It employs multiple techniques to establish direct communication with the customer.
What are advergames?
It is a kind of advertising employed in video games. The video game developer is in collaboration with the advertiser. It generally targets the kids who tend to respond to the convincing messages that are embedded in the game.
What is OBEX Protocol?
OBEX is a session layer binary protocol designed to enable systems of different types to exchange data and commands in a resource-sensitive identical fashion. And, it is optimized for ad-hoc wireless links. It is designed to give Push and Pull functionality. Besides, it works in a similar way as HTTP servers works. It follows a client/server request-response paradigm for the conversation format.