What bluejacking is and how to defend against it

Anton P. | February 2, 2022

Bluejacking is an attack on Bluetooth-enabled devices such as smartphones, laptops, and smartwatches. The typical approach is to send unsolicited messages to nearby targets within Bluetooth range. At first glance, bluejacking might seem irritating but ultimately harmless. However, attackers can send malicious content, links, or files with the intent to hack and damage. This form of Bluetooth hacking can also deliver threatening messages, images, or promotional content.

What is bluejacking?

Bluejacking is a technique for sending anonymous, unwanted messages to users. Such attacks typically occur in crowded public places, where hackers detect and connect to Bluetooth-enabled devices in close proximity. The technique exploits the element of surprise and counts on users reacting on the spur of the moment.

Luckily, bluejacking is not highly popular anymore. Some pranksters still try to intimidate their victims by delivering odd or alarming messages.

Initially, hackers would send messages, but smartphone capabilities have opened avenues for images, sounds, and videos.

How does bluejacking happen?

Bluejacking happens when attackers find targets near where they are. The targeting might be specific, with hackers going to select locations. However, the victim selection might also be random, picking anyone with Bluetooth enabled.

How malicious such unsolicited messages are depends on their content. They may be humorous or simply meant to irritate. They can also be more deceptive, mimicking banking or other official services.

The typical sequence of bluejacking is as follows:

  1. Culprits go to a select location, preferably one with many people.
  2. Attackers search for Bluetooth-enabled devices nearby.
  3. They then try to pair their device with the target.
  4. Some targeted devices require authentication, such as a password. A common way to get around this is a brute-force attack.
  5. Hackers can now send unsolicited messages to the victim if a connection gets established.

Considering the vulnerability of Bluetooth, attackers can engage in many Bluetooth-targeting techniques. Bluejacking is one of them, but bluebugging and bluesnarfing are also possible exploits.

Comparing bluejacking, bluesnarfing, and bluebugging

Bluetooth, like any technology, is not bulletproof. From vulnerabilities to other hacking tactics, Bluetooth faces many threats. Bluejacking is only one of them, and users might confuse it with other similar strategies.

  • Bluejacking. Hackers connect to nearby Bluetooth devices and send unsolicited messages. It can be harmless unless the transmitted content has malicious components like fake links, comparable to smishing.
  • Bluebugging. It is a technique for targeting cell phones. Essentially, hackers exploit a flaw (a bluebug) to access a device. After that, it is possible to do much more harm than with bluejacking. Attackers can initiate phone calls, send text messages, connect to the internet, and read contacts.
  • Bluesnarfing. While bluejacking delivers unwanted messages to targeted devices, bluesnarfing aims to extract information. Hackers can access various device components through a Bluetooth connection, like contacts, calendars, photo galleries, and more. Thus, this Bluetooth attack can be devastating as it facilitates data theft.

How dangerous can bluejacking be?

There is usually no harm in receiving unexpected messages. Nevertheless, there are scenarios where bluejacking can turn dangerous. Transmitting malicious links or files is one; here is another example of a dangerous bluejacking attack.

Suppose you receive a bizarre message on a wearable device (say, a smartwatch) and accidentally respond to it, confirming the request it carries. The attacker, however, had sent a request to synchronize daily tracking data. Without even realizing it, you could validate such a request.

Protect your device from bluejacking

It is relatively easy to avoid bluejacking. The following tips will help you protect your device from Bluetooth-targeting attacks and other illegal acts.

  • Disable Bluetooth if not in active use. Keep Bluetooth turned off if your device does not connect to other gadgets. This does more than block attacks against Bluetooth: for instance, it can also minimize location tracking done through Bluetooth.
  • Make your Bluetooth undiscoverable. When you need to have your Bluetooth enabled, set it as hidden. It will prevent other Bluetooth devices from recognizing your device. On some devices, this means turning off open detection.
  • Be wary of messages and emails. Besides bluejacking, there are other ways to deliver social engineering scams. Users should know the basics of recognizing deceptive messages. The main rule is never to open files or follow links found in emails or texts.
  • Lock your device. Having a password-protected device is essential. Thus, pick the best lock for your smartphone, tablet, or computer.
  • Enable two-factor authentication. Passwords are not foolproof. From simple combinations to leaked passwords, various scenarios can lead to account takeover. Therefore, enable 2FA on all services you use.
  • Avoid public Wi-Fi. Free hotspots can be a blessing, especially if you run low on cellular data. However, experts discourage you from connecting to any free Wi-Fi network you encounter. If you are an avid user of such networks, the next tip can be a game changer for your experience.
  • Encrypt internet traffic. Public Wi-Fi frequently lacks encryption, which means that your online activities are susceptible to snooping. A Virtual Private Network encrypts your connection and stops entities from learning your digital habits. It is the go-to tool for becoming more private and secure online.
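
A check for the first two tips on a Linux machine, as an added example that is not part of the original article: the function reads the text printed by BlueZ's `bluetoothctl show` and reports any adapter that is powered on while discoverable or open to pairing. The sample output and its address are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit Bluetooth exposure from `bluetoothctl show` output.
# Reads the controller text on stdin and prints one finding per line.
# Exit status: 0 = nothing to fix, 1 = at least one finding.
audit_bt() {
  awk '
    { sub(/^[ \t]+/, "") }              # drop the indentation before each key
    /^Controller /           { ctrl = $2 }
    /^Powered: /             { powered[ctrl] = $2 }
    /^Discoverable: /        { disc[ctrl] = $2 }
    /^DiscoverableTimeout: / { tmo[ctrl] = $2 }
    /^Pairable: /            { pair[ctrl] = $2 }
    END {
      for (c in powered) {
        if (powered[c] != "yes") continue   # radio off: nothing is exposed
        if (disc[c] == "yes") {
          print c ": visible to nearby scans (fix: bluetoothctl discoverable off)"
          bad = 1
          # A zero timeout means the adapter never leaves discoverable mode.
          if (tmo[c] ~ /^(0|0x0+)$/) {
            print c ": discoverable timeout is disabled, visibility never expires"
          }
        }
        if (pair[c] == "yes") {
          print c ": accepts new pairing requests (fix: bluetoothctl pairable off)"
          bad = 1
        }
      }
      exit bad
    }'
}

# Constructed sample in the layout of `bluetoothctl show` (not a real device).
SAMPLE='Controller 00:11:22:33:44:55 (public)
    Name: laptop
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
    Pairable: yes
    Discovering: no'

# Demo on the sample; on a real machine run: bluetoothctl show | audit_bt
printf '%s\n' "$SAMPLE" | audit_bt || true
```

If the adapter is not needed at all, `bluetoothctl power off` removes every finding at once, which matches the first tip in the list.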

Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background in technical content writing.

© 2022 Atlas VPN. All rights reserved.