• IPG

Bluejacking: How Bluetooth Can Be Used to Hack Your Devices

Bluetooth technology has become much smarter over the years, allowing consumers to connect to Bluetooth devices wirelessly. Headphones, speakers, computer accessories, cameras, and televisions are some examples of widely used Bluetooth devices.

However, a new phenomenon known as “bluejacking” has negatively impacted Bluetooth device users. Hackers are now targeting Bluetooth devices to take advantage of unbeknownst users. So what is bluejacking? How can your systems be hacked through this way? And how can you protect against bluejacking?

Bluetooth was first introduced by Ericsson in 1994, with its primary purpose being to enable wireless headset connections. Since then, it’s provided many wireless connectivity solutions for consumers in the hearable, wearable, and smartphone markets.

It also enables connectivity for gaming accessories, fitness trackers, and smart home sensors. You might be using Bluetooth now—to listen to music through your wireless earphones or to track your activities througha Fitbit watch. Bluetooth has found its way into virtually every industry and, in its current form, can connect up to seven devices at once, forming a “piconet.”

Bluetooth location tracking has many positive aspects too, including, for instance, trying to stop the spread of COVID-19 through Bluetooth contact-tracing.

According to Statista, it’s estimated that global annual Bluetooth device shipments will reach seven billion units by 2026. Bluetooth is one of the most widely used wireless technologies, especially in short-distance transmission. And that makes bluejacking even more worrying.

What Is Bluejacking?

A simple way to understand bluejacking is to think of it as a high-tech version of the well-known ding-dong-ditch prank. A ding-dong-ditch involves a prankster ringing a neighbor’s doorbell, only to run away before someone answers the door. This prank is seemingly harmless to the person on the receiving end, as it’s more of a nuisance than anything else.

Bluejacking occurs similarly. During an attack, one Bluetooth device hijacks another and sends someone spam advertising or other types of unsolicited messages. A hacker can bluejack someone’s device if they’re within 10 to 30 feet of the target by using a loophole in Bluetooth technology’s messaging options.

How Do Cybercriminals Hack Devices Through Bluejacking?

The majority of bluejacking attacks take place in crowded public places. Hackers can easily detect other Bluetooth devices in the area and bluejack them. Because this hacking technique uses the element of surprise, the hacker’s goal is to catch a user off-guard and have them react in the moment—whether that’s clicking on a phishing link or entering a malicious website.

While receiving unwanted messages is annoying, it typically wouldn’t result in serious consequences. However, bluejacking takes a dark turn when the hacker sends someone messages directing them to malicious sites, spam links, potential phishing scams, or files that intend to hack or damage the device.

Bluejacking is not inherently malicious, but if the hacker wants to steal sensitive information from someone’s device, the technique is used as a catalyst. Hackers can use bluejacking as an entry point to exploit the user and make them fall victim to another type of cyberattack.

One major concern regarding bluejacking involves hackers gaining the ability to unlock and lock smart locks and car doors. While bluejacking is not guaranteed to happen to you, you must understand what it is and how to protect yourself.

How to Defend Against Bluejacking

It can be very challenging to trace a bluejacker. Because there’s no theft involved, bluejackers are typically not charged with any crime. For this reason, it’s important for people using Bluetooth devices to understand how they can avoid becoming the next bluejacking victim.

Update Your Bluetooth Devices

Updating any Operating Systems (OS) on your Bluetooth devices is always suggested, as older devices may have loopholes that make a bluejacker’s job easier.

Turn Bluetooth Off or Limit Use

When you enter public places, it’s smart to turn off your Bluetooth connection. If you are not actively using Bluetooth, there’s no reason why you should keep it on. This will help you evade attacks, and it may also minimize location tracking carried out through Bluetooth.

Don’t Engage in Messages or Open Links

No matter what a bluejacker sends you, don't click on any links, open images, or respond to messages. You can delete or ignore any bluejacking messages to prevent any further potential damage.

Remember, you panicking and reacting without thinking is exactly what a hacker wants. This is how mistakes happen, and those can be costly. So when you receive something unexpected, take a moment and ask why and how that's happened, and question whether it could be a scam. In most cases, it is.

Other Types of Bluetooth Attacks

Aside from bluejacking, there are other types of attacks a hacker may use to exploit someone using a Bluetooth device. These include:



Bluetooth Impersonation Attacks (BIAS).


Bluesnarfing is similar to bluejacking, except that this type of attack pairs with someone’s Bluetooth device without their knowledge and a hacker steals or compromises the user’s personal data. Because a bluesnarfing attack results in data theft, it’s considered illegal.

BlueBorne attacks occur when a hacker leverages a Bluetooth connection to penetrate and completely hijack someone’s device. BlueBorne attacks often target computers, smartphones, and connected Internet of Things (IoT) devices.

Attackers target the legacy secure connection authentication procedure on Bluetooth devices when establishing a connection during a BIAS attack. Successful BIAS attacks allow hackers to act as a man-in-the-iddle and intercept transmitted data between the two devices.

BlueBugging is a combination of bluejacking and bluesnarfing, where a hacker will establish a backdoor on a user’s device to hack it and often steal personal user data.

Safeguarding Your Bluetooth Devices

Bluetooth attacks are nothing new, but you must know how to defend against them. Even though Bluetooth technology has proven highly useful for most consumers, it can also be a gateway for malicious actors to take advantage of you, whether it's stealing your data or unlocking your car door. Be vigilant and protect yourself from bluejacking attacks.

3 views0 comments

Simple. Powerful. Cybersecurity.

IPG’s GearBoxTM is the first cybersecurity tool designed to secure and protect the Internet of Things (IoT).