Project PDA

Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e. for bluedating or bluechat) to another bluetooth enabled device via the OBEX protocol. This involves sending anonymous text messages to other phone users via Bluetooth short-range radio.

Cell phone owners who inadvertently leave their phones discoverable may suffer from “bluejacking,” the phenomenon in which unknown people send data transfers such as address cards. The address card carries a message in place of contact details. Although a remote device can never force a data transfer on another device, leaving devices discoverable makes the user vul- nerable to these half technical, half social-engineering attacks. And it’s possi- ble for bluejacking to go beyond pranks: one early smartphone operating system had a bug that caused the phone to lock up if it was sent a GIF image file constructed in a particular way.

How do you bluejack? By saving a message in the 'name' field of your phone, for example, "Nice tweed trousers", then choose to send it via Bluetooth. A list of enabled hardware in the vicinity should appear on your phone; select the device you want and off you go.

For most 'victims' they will have no idea as to how the message appeared on their phone. So, personalised messages like 'I like your pink top' and the startled expressions that result is where the fun really starts.

Bluejacking is usually technically harmless, but because bluejacked people don't know what is happening, they think their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it's possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames.

With the increase in the availability of bluetooth enabled devices, these devices have become vulnerable to virus attacks and even complete take over of devices through a trojan horse program.

Bluejacking is also confused with bluesnarfing which is the way in which mobile phones are illegally hacked via bluetooth; see Bluesnarfing for more details.