What is Bluejacking?

Bluejacking is a hacking method that lets a person send unsolicited messages (typically flirtatious but can also be malicious) to any Bluetooth-enabled device within his own device’s range. Also known as “bluehacking,” the process begins by scanning one’s surroundings for discoverable Bluetooth-capable devices.

Bluejacking is much like doorbell ditching, wherein a person rings someone’s doorbell and disappears before the homeowner can answer the door.

Other interesting terms…

• What is Bluesnarfing?
• What is Clickjacking?

Read More about “Bluejacking”

The First Reported Bluejacking Incident

The first reported bluejacking incident occurred sometime between 2001 and 2003. A Malaysian IT consultant who went by the moniker “Ajack” used his Ericsson phone to send a message to a Nokia phone user out of boredom while waiting for his turn to get served in a bank.

The first bluejackers sent messages to spread the word about the practice, encouraging people in online forums to try bluejacking. Instead of discouraging the act, device manufacturers saw it as a means to sell more Bluetooth-enabled products. Go figure.

How does Bluejacking Work?

Bluejackers frequent areas with high foot traffic. They are, after all, likely to find many users with discoverable Bluetooth-enabled devices there. These places include bus and train stations, airports, shopping malls, bars, restaurants, and cafes.

The hackers then scan the area for people to send anonymous messages to. The bluejacker first sends a business card to a device owner within a 10-meter radius. If the recipient accepts it, the hacker can then send him or her a message.

Over the years, bluejacking has become a form of pranking that gave birth to a tech subculture and several online forums, such as BluejackQ. In this forum, people learn about and share their experiences with bluejacking. Interestingly, some bluejackers follow a code of ethics. For example, they don’t send messages that contain abusive, threatening, or racist messages. And if their targets show no interest in communicating after they have posted two notes, the bluejackers must stop taunting them.

Despite what the name implies, bluejacking can’t change or delete data from a target device. The most that bluejackers can do is to annoy their targets. Note, too, that bluejacking isn’t the same as bluesnarfing, the practice of hacking mobile devices using Bluetooth.

How to Stay Safe against Bluejacking

The best way to safeguard against bluejacking is to turn your device’s Bluetooth functionality off when it’s not in use. Do so, especially when you’re in a public place. And if you need to use your device’s Bluetooth feature, make sure your device is not discoverable. That way, you can enjoy the benefits of the technology without having to worry about bluejacking.

Even if bluejacking is more of a prank than a threat, it is still a good practice to protect your device and hence your privacy at all times. And if you do decide to try it out, do what the more ethical pranksters do.