Bluetooth - Bluejacking

BLUEJACKING

Bluejacking is one of the more recent trends spreading across the globe although appears to be prominent in Europe. Brewin describes ‘Bluejacking: Uses the wireless connection to send text messages to other mobile phones without first going through the pairing process. As phones, PDAs, and laptops now commonly come with Bluetooth it is possible to search for other devices in the immediate area such as public places and send a message without being detected

The threat of this attack entirely depends on the recipient’s response. If the recipient blocks or refuses to accept the message the attack can go no further. Although if the attacker was to write ‘you have just been Bluejacked, would you like to accept’ this would encourage a number of recipients to become intrigued and accept. Attackers may also use ‘you have won $10,000 enter this code to accept it’ or simply ‘you’ve won a new car’, although some may believe no one would fall for this plot, certainly some would. If the attacker succeeds in pairing the devices then all data on the target device becomes available to the initiator, including such things as phone books, calendars, pictures and text messages.

The best way for users to avoid being Bluejacked is to either switch off their Bluetooth in settings, or to make their device invisible until they require themselves to make a Bluetooth connection. Although most Bluetooth manufacturers are now designing phones so Bluetooth is involuntarily switched off, some devices are sold with Bluetooth switched on.

As technology improves, the information carried on devices increases. This style of attack may be used by criminals, terrorists, activists for limitless reasons such as financial gain. Jones, Kovacich and Luzwick (2002) say that “Another form of attack that this category of attacker might use is identity theft. It is now trivially easy to gain all the information you need to assume someone else’s identity (identity theft) or draw all of the information needed with regard to an organization or a company�.

Herold (2002:02) states that identity theft may be used for the following reasons:

• They call your credit card issuer and, pretending to be you, ask to change the mailing address on your credit card account. The impostor then runs up charges on your account.
• They open a new credit card account, using your name, date of birth,and SSN. When they use the credit card and do not pay the bills, the delinquent account is reported on your credit report.
• They establish phone or wireless service in your name.
• They open a bank account in your name and write bad checks on that account.
• They file for bankruptcy under your name to avoid paying debts they have incurred under your name or to avoid eviction.

Below is a step by step guide to Bluejacking. These steps are available on a website that is dedicated to Bluejacking; www.bluejackq.com.

1. Go to Names

2. Select Add name

3. Type your message and press OK

4. Press OK without entering a phone number (unless you want to send one)

5. Press Done

6. Go to Names

7. Select Search

8. Find your message

9. Select Details

10. Select Options

11. Select Send bus. card

12. Select Via Bluetooth

13. If any devices come up select them

14. If it says Business card sent, you have just bluejacked someone

Reference List

Brewin, B. (2004) ‘Security Threats raise concerns about Bluetooth’, Computer World [Online], vol 38, no.19, p1. Available: Academic Search Elite, 13459085 [Accessed 25/10/04.

Herold, R. (2002) ‘Privacy Papers: Managing Technology, Consumer, Employee and Legislative Actions’ [Online]. Available: Info Security Netbase {Accessed 24/10/04].

Jones, A., Kovacich and Luzwick, P. (2002) Global Information Warfare : How Businesses, Governments and Others Achieve Objectives and Obtain Competitive Advantages, New York: Auuerbach Publications

Bluetooth- Security --benhenzell 09:51, 29 Oct 2004 (EST)