As Bluetooth technology gets smarter, so do hi-tech hackers. The best defense against becoming a victim of online identity theft is to educate yourself on the latest trends targeting Bluetooth-enabled devices, and as a result, do what you can to help keep thieves away from your hands-free connection.
Bluejacking, Bluesnarfing, Bluebugging—What’s the Difference?
Think of it as a high-tech version of ding-dong-ditch, where savvy pranksters push unsolicited messages to engage or annoy other nearby Bluetooth users by taking advantage of a loophole in the technology’s messaging options.
More damaging than bluejacking is bluesnarfing. With bluesnarfing, thieves wirelessly connect to some early Bluetooth-enabled mobile devices without the owner’s knowledge to download and/or alter phonebooks, calendars or worse.
Bluebugging goes beyond bluejacking or bluesnarfing, allowing thieves to take full control of a device. A crafty bluebugger can wirelessly direct a mobile phone to make calls without the owner’s knowledge. Similarly, a bluebugger can set call forwarding and receive calls intended for the unsuspecting victim.
How to Safeguard Your Devices
UPDATE YOUR DEVICES
Early Bluetooth-enabled devices defaulted to “discoverable” mode, leave connections vulnerable. This loophole has since been corrected in newer devices. If you’re using an older device, connect by using the “non-discoverable” mode (usually a menu option on your device). This is especially important when you’re in an unfamiliar hot-spot area.
BE HANDS ON
Limit use of your hands-free connection, especially when you are exchanging sensitive data.
BE AWARE OF STRANGER DANGER
Criminals use unsolicited messages or business cards to try and engage victims within range. Don’t engage if you see a strange message like: “I like your hat” or “Enjoying your meal?” Delete!
MONITOR YOUR DATA USAGE
Know your average data usage. If you see a spike, it could be a sign that a hacker is using your device remotely.
LOOK FOR SUSPICIOUS ACTIVITY
If your device starts behaving unexpectedly—turning off or on, or suddenly disconnecting and then reconnecting—it may be a sign you’ve been hacked. If you suspect this is the case, reset your device to factory settings. This is usually a “settings” option on your device that will erase all data and applications, including those that have been criminally installed.
How does Bluejacking Work?
Bluejackers frequent areas with high foot traffic. They are, after all, likely to find many users with discoverable Bluetooth-enabled devices there. These places include bus and train stations, airports, shopping malls, bars, restaurants, and cafes.
The hackers then scan the area for people to send anonymous messages to. The bluejacker first sends a business card to a device owner within a 10-meter radius. If the recipient accepts it, the hacker can then send him or her a message.
Over the years, bluejacking has become a form of pranking that gave birth to a tech subculture and several online forums, such as BluejackQ. In this forum, people learn about and share their experiences with bluejacking. Interestingly, some bluejackers follow a code of ethics. For example, they don’t send messages that contain abusive, threatening, or racist messages. And if their targets show no interest in communicating after they have posted two notes, the bluejackers must stop taunting them.
Despite what the name implies, bluejacking can’t change or delete data from a target device. The most that bluejackers can do is to annoy their targets. Note, too, that bluejacking isn’t the same as bluesnarfing, the practice of hacking mobile devices using Bluetooth.
How to Stay Safe against Bluejacking
The best way to safeguard against bluejacking is to turn your device’s Bluetooth functionality off when it’s not in use. Do so, especially when you’re in a public place. And if you need to use your device’s Bluetooth feature, make sure your device is not discoverable. That way, you can enjoy the benefits of the technology without having to worry about bluejacking.
Even if bluejacking is more of a prank than a threat, it is still a good practice to protect your device and hence your privacy at all times. And if you do decide to try it out, do what the more ethical pranksters do.