What is bluejacking? How to avoid bluejacking attacks

How does bluejacking work?

Let's start with a clear bluejacking definition. What is bluejacking and how does it work? It’s an attack that sends unsolicited messages to bluetooth-enabled devices, provided the target is in a certain area. It's relatively simple to bluejack a phone, although it's not a common practice these days.

Bluetooth is wireless a connection that links phones and other devices together. Although it’s not as popular now as its creators expected — having been supplanted by Wi-fi in many use-cases — most devices still come with Bluetooth functionality.

How do bluejacking attacks take place?

A hacker can launch a bluejacking attack in just a few simple steps.

1. The attacker finds a Bluetooth-enabled device in their immediate vicinity.
2. They pair their own device with the victim’s. If they need to authenticate themselves with a password to establish the connection, they can use brute forcing software, cycling through multiple password combinations until they find the right one.
3. Once they’ve connected, they can spam the victim with messages and even send them images.

Bluejacking vs. bluebugging

Don’t confuse bluejacking with bluebugging; these are different types of hacking. While both attacks take advantage of Bluetooth connections, the latter is much more dangerous than the former.

In bluebugging attacks, hackers can install malware directly onto a target’s device, allowing them to launch further attacks and steal sensitive data.

If someone is bluejacking phones, they can't cause much serious trouble. Bluejack operations have previously been used more for annoying adverts and pranks than malicious criminal activity.

How to protect yourself from bluejacking attacks

The best thing you can do to protect yourself from bluejacking, and all other Bluetooth-related attacks, is to keep your device’s Bluetooth function switched off unless you’re using it for a specific reason.

If you do have to turn on your Bluetooth for extended periods, make sure to protect it with a strong password. Default passwords are usually pretty weak, so change it to something more secure.

To this end, try to use a randomized collection of numbers, symbols, and upper and lower case letters. Avoid any discernible patterns, like recognisable words or numerical sequences, as these can be quickly cracked by hacking software.

Is bluejacking dangerous?

Bluejacking could be dangerous, in theory. For example, it could allow a stranger to send phishing messages, encouraging the victim to click on a link and download malware onto their device.

But in reality, it shouldn’t be too high on your list of cybersecurity concerns. Because of the nature of Bluetooth, the attacker has to be in close proximity to the target, usually around 10 meters away.

That’s a pretty high-risk strategy for them, since bad actors have a wide range of sophisticated tools at their disposal which don’t involve getting close to their victims.

The real dangers

Of course, just because bluejacking isn’t a serious threat doesn’t mean you should be relaxed about your device security. If you’re out in public with a phone, tablet, or laptop, there are still several ways that hackers can target you.

• Online adverts are everywhere these days, and some of them can be more than just annoying and distracting. Malicious advertising, or malvertising, involves hackers sneaking ads onto legitimate websites. If you click on them, intentionally or by accident, you run the risk of downloading malware and viruses onto your device.
• Phishing emails are a classic but effective way to spread malware. Phishing is the act of sending a message, usually an email, in which the sender pretends to be a legitimate figure like a bank or a recognisable business. They then ask the target to follow a link. Clicking the link will either infect your device with malware or trick you into exposing login details for various accounts.
• Public Wi-fi is always convenient, but it’s rarely safe. If you’re connecting to the internet in a cafe or on public transport, there’s no way to be sure whether the router has been properly protected. Even worse, you might be connecting to a hacker’s personal hotspot, which has been renamed to make it look like an official Wi-fi connection. If the public Wi-fi is compromised, data you send over it could be exposed.

The best way to protect your device while you’re using it in public places is with a VPN, or virtual private network. While a VPN won’t protect you from Bluetooth attacks, it will ensure that you can use public Wi-fi without exposing your browsing activity to snoopers and criminals.

NordVPN is a powerful cybersecurity tool, which can strengthen your privacy and make the internet a safer place to browse.