Bluejacking

Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers,^[1] sending a vCard which typically contains a message in the name field (i.e., for bluedating) to another Bluetooth-enabled device via the OBEX protocol.

This Siemens M75 is bluejacking the Sony Ericsson K600i pictured below.

This Sony Ericsson K600i is being bluejacked by the Siemens M75 pictured above. The text at the bottom of the screen reads "Add to contacts?" in Norwegian.

Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can reach up to 100 metres (328 ft) with powerful (Class 1) transmitters.

Origins

Bluejacking was reportedly first carried out between 2001 and 2003 by a Malaysian IT consultant who used his phone to advertise Ericsson to a single Nokia 7650 phone owner in a Malaysian bank.^[2] He also invented the name, which he claims is an amalgam of Bluetooth and ajack, his username on Esato, a Sony Ericsson fan online forum. Jacking is, however, an extremely common shortening of "hijack', the act of taking over something.^[3][4] Ajack's original posts are hard to find, but references to the exploit are common in 2003 posts.

Another user on the forum claims earlier discovery,^[5] reporting a near-identical story to that attributed to Ajack, except they describe bluejacking 44 Nokia 7650 phones instead of one, and the location is a garage, seemingly in Denmark, rather than a Malaysian Bank. Also, the message was an insult to Nokia owners rather than a Sony Ericsson advertisement.

Usage

Bluejacking is usually not very harmful, except that bluejacked people generally don't know what has happened, and so may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it's possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames.

The actual message itself doesn't deploy any malware to the software; rather, it is crafted to elicit a response from the user or add a new contact and can be seen as more of a prank than an attack. These messages can evoke either annoyance or amusement in the recipient. Users typically possess the ability to reject such messages, and this tactic is frequently employed in confined environments such as planes, trains, and buses.^[6] However, some forms of DoS Disruptions are still possible, even in modern devices, by sending unsolicited pairing requests in rapid succession; this becomes disruptive because most systems display a full screen notification for every connection request, interrupting every other activity, especially on less powerful devices.

Bluejacking is also confused with Bluesnarfing, which is the way in which mobile phones are illegally hacked via Bluetooth.

Companies

BluejackQ

BlueJackQ is a website dedicated to bluejacking. The website contains a few bluejacking stories taken from the site's forum. The website also includes software that can be used for bluejacking and guides on how to bluejack which are slightly out of date but the basic principle still applies to most makes of phone. Its forum has 4,000 registered users and 93,050 posts.^[7] The website has been featured in many news articles.^[8]

The forums ^[7] were opened on the November 13, 2003 and has been the center of BluejackQ from the start. It currently has 4 moderators and has 20 different sections available to members. The areas included information about BluejackQ, reviews of mobile phones, media players, PDAs and Miscellaneous devices, general bluejacking threads and an off-topic area. The BluejackQ podcast was first released as a test version on January 15, 2006, thus becoming the first bluejacking-related podcast. Podcasts 1, 2 and 3 featured three members of the forums.^{[citation needed]}

The forums seem to have been unused since 2020.

Fictional reference in Person of Interest

The authentic bluejacking as described here is not the same exploit which was frequently depicted in the television series Person of Interest; that fictional exploit portrayed different and more invasive capabilities.

See also

• Bluebugging
• Bluesnarfing
• AirDrop

References

1. Dagon, D.; Martin, T.; Starner, T. (2004-01-01). "Mobile Phones as Computing Devices: The Viruses are Coming!". IEEE Pervasive Computing. 3 (4): 11–15. doi:10.1109/MPRV.2004.21. ISSN 1536-1268. S2CID 14224399.
2. "Bluejacking 'a harmless prank'". 25 November 2003.
3. Do You Speak American . Words That Shouldn't Be? . Sez Who? . Cyberspace | PBS
4. Bluejacking ‘a harmless prank'
5. "I did somthing that can be conciderd as a bluetooth rampage!".
6. "Introduction and overview", Educational Leadership, Cambridge University Press, pp. 1–5, 2007-01-22, doi:10.1017/cbo9781139168564.001, ISBN 978-0-521-68512-2, retrieved 2024-02-16
7. bluejackQ.com :: Index Archived October 5, 2006, at the Wayback Machine
8. bluejackQ and jellyellie in the media - bluejackQ.com Archived October 5, 2006, at the Wayback Machine