What is bluejacking? How to avoid bluejacking attacks

What is bluejacking?

Bluejacking is an attack in which someone sends unsolicited messages to a Bluetooth-enabled device. The target must be within their Bluetooth range for the attack to work. It’s relatively simple to bluejack a phone, although it’s not a common practice these days.

Bluetooth is wireless a connection that links phones and other devices together. Although it’s not as popular now as its creators expected — having been supplanted by Wi-fi in many use-cases — most devices still come with Bluetooth functionality.

How does bluejacking work?

A hacker can launch a bluejacking attack in just a few simple steps.

1. The attacker finds a Bluetooth-enabled device in their immediate vicinity.
2. They pair their own device with the victim’s. If they need to authenticate themselves with a password to establish the connection, they can use brute forcing software, cycling through multiple password combinations until they find the right one.
3. Once they’ve connected, they can spam the victim with messages and even send them images.

Bluejacking vs. bluebugging

Don’t confuse bluejacking with bluebugging; these are different types of hacking. While both attacks take advantage of Bluetooth connections, the latter is much more dangerous than the former.

In bluebugging attacks, hackers can install malware directly onto a target’s device, allowing them to launch further attacks and steal sensitive data.

If someone is bluejacking phones, they can’t cause much serious trouble. Bluejack operations have previously been used more for annoying adverts and pranks than malicious criminal activity.

How to protect yourself from bluejacking attacks

Here are a few simple steps to avoid bluejacking and other Bluetooth attacks.

• Keep your device’s Bluetooth functionality off when you’re not using it.
• Never accept a Bluetooth pairing request from a device you don’t know.
• Make sure you know the names of all your devices on Bluetooth, so you don’t connect to an unknown device by accident.
• If a stranger sends you files via Bluetooth, don’t open them.

If you do have to turn on your Bluetooth for extended periods, do not accept connection requests that you don’t recognize.

Is bluejacking dangerous?

Bluejacking could be dangerous, in theory. For example, it could allow a stranger to send phishing messages, encouraging the victim to click on a link and download malware onto their device.

But in reality, it shouldn’t be too high on your list of cybersecurity concerns. Because of the nature of Bluetooth, the attacker has to be in close proximity to the target, usually around 10 meters away.

That’s a pretty high-risk strategy for them, since bad actors have a wide range of sophisticated tools at their disposal which don’t involve getting close to their victims.

The real dangers

Of course, just because bluejacking isn’t a serious threat doesn’t mean you should be relaxed about your device security. If you’re out in public with a phone, tablet, or laptop, there are still several ways that hackers can target you.

• Online adverts are everywhere these days, and some of them can be more than just annoying and distracting. Malicious advertising, or malvertising, involves hackers sneaking ads onto legitimate websites. If you click on them, intentionally or by accident, you run the risk of downloading malware and viruses onto your device.
• Phishing emails are a classic but effective way to spread malware. Phishing is the act of sending a message, usually an email, in which the sender pretends to be a legitimate figure like a bank or a recognizable business. They then ask the target to follow a link. Clicking the link will either infect your device with malware or trick you into exposing login details for various accounts.
• Public Wi-fi is always convenient, but it’s rarely safe. If you’re connecting to the internet in a café or on public transport, there’s no way to be sure whether the router has been properly protected. Even worse, you might be connecting to a hacker’s personal hotspot, which has been renamed to make it look like an official Wi-fi connection. If the public Wi-fi is compromised, data you send over it could be exposed.

The best way to protect your device while you’re using it in public places is with a VPN, or virtual private network. While a VPN won’t protect you from Bluetooth attacks, it will ensure that you can use public Wi-fi without exposing your browsing activity to snoopers and criminals.

And with NordVPN, you’ll be taking your online security to a whole new level. Its Threat Protection feature will guard your devices from viruses, block intrusive ads before they can even load, stop internet trackers and prevent you from landing on malicious websites.

NordVPN is a powerful cybersecurity tool, which can strengthen your privacy and make the internet a safer place to browse.