Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown
Blog How-To

Bluesnarfing: what is it and how to prevent it

While Bluetooth is a convenient feature, it can also become handy for hackers to access your phone. Bluesnarfing is one way hackers take advantage of Bluetooth vulnerabilities.

Paulius Ilevičius

Paulius Ilevičius

Dec 23, 2021 · 2 min read

Bluesnarfing: what is it and how to prevent it

What is bluesnarfing?

Bluesnarfing is a hacking technique that exploits Bluetooth connections to snatch data from a wireless device. An attacker can perform bluesnarfing when the Bluetooth function is on and your device is discoverable by other devices within range. In some cases, attackers can even make calls from their victim's phone.

Bluesnarfing is one of the most easily implementable types of hacking. Such data theft can occur without the user's knowledge, and cybercriminals can obtain information such as emails, text messages, or contact lists. An attacker must be within at least 10 meters of you for an attack to succeed. However, in some cases, they can initiate a bluesnarfing attack from a greater distance.

How bluesnarfing works

To initiate a bluesnarfing attack, hackers must exploit the object exchange (OBEX) protocol used to exchange information between wireless devices. The inherent vulnerabilities of OBEX can be exploited by using such tools as Bluediving, which probes Bluetooth-compatible devices for OBEX loopholes.

After compromising the OBEX, hackers can pair their systems with a targeted device. Then they use bluesnarfing tools to attack it. If a device doesn't have strong firmware protection, the attackers can snatch data from it.

Hackers either create bluesnarfing tools themselves or purchase them online. Ready-to-use tools are widely available on the dark web.

How to prevent bluesnarfing

Here are a few tips on how you can reduce the possibility of a bluesnarfing attack:

  • Turn Bluetooth off or make it hidden and non-discoverable when you are not using it. Just keep one thing in mind. Even though a hidden device has fewer chances of being exploited, an attacker can still bluesnarf it by guessing its MAC address via a brute-force attack;
  • Turn off your phone's Bluetooth discovery mode when it is not needed;
  • Do not accept any connection requests that you don't recognize;
  • Enable security features such as two-factor authentication and PIN number. This way, all connection requests will require your approval;
  • Regularly update your phone's software to install patches against the latest vulnerabilities.