January 29, 2012

3.4.5 Bluejacking

Bluejacking

Bluejacking is the sending of unsolicited messages (think spam) over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field to another bluetooth enabled device via the OBEX protocol.
Bluejacking takes advantage of a loophole in the technology's messaging options that allows a user to send unsolicited messages to other nearby Bluetooth owners.

Bluetooth technology operates by using low-power radio waves, communicating on a frequency of 2.45 gigahertz. This special frequency is also known as the ISM band, an open, unlicensed band set aside for industrial, scientific and medical devices. When a number of Bluetooth devices are switched on in the same area, they all share the same ISM band and can locate and communicate with each other, much like a pair of walkie talkies tuned to the same frequency are able to link up.

Bluetooth technology users take advantage of this ability to network with other phones and can send text messages or electronic business cards to each other. To send information to another party, the user creates a personal contact name in his or her phone's address book -- the name can be anything from the sender's actual name to a clever nickname.

Bluejackers have devised a simple technique to surprise their victims: Instead of creating a legitimate name in the address book, the bluejacker's message takes the place of the name. The prank essentially erases the "from" part of the equation, allowing a user to send any sort of comment he wishes without identifying himself.

Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can reach up to 100 metres (328 ft) with powerful (Class 1) transmitters.

Bluetooth is often used for creating personal area networks (PANs), and most Bluetooth devices come with a factory default PIN that you will want to change to more secure values.
One of the simplest ways to secure Bluetooth devices is to not set their attribute to Discoverable.

References:

  • http://www.bluejackingtools.com/what-is-bluejacking/
  • http://electronics.howstuffworks.com/bluejacking.htm
  • http://en.wikipedia.org/wiki/Bluejacking
  • CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney

No comments:

Post a Comment