Seminar Report


Bluejacking Technology : Research

Vandita
Department of Computer Science & Engineering
Shri Balwant Institute of Technology
Sonepat, Haryana, India
Cse15324.sbit@gmail.com

Abstract-Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol. Bluetooth has a very limited range, usually around 10 metres. Bluejacking allows phone users to send business cards anonymously using Bluetooth wireless technology. Bluejacking does not involve the removal or alteration of any data from the device. Bluejackers often look for the receiving phone to ping or the user to react. In order to carry out a bluejacking, the sending and receiving devices must be within 10 meters of one another. Phone owners who receive bluejack messages should refuse to add the contacts to their address book. Devices that are set in non-discoverable mode are not susceptible to bluejacking. Bluetooth technology was developed to solve the simple problem of eliminating the connector cable. The idea is to replace the cables that are needed to accompany portable devices carried by many mobile travelers with a low-cost, secure, robust RF link. Originally Bluetooth was marketed to small handheld devices such as cell phones and laptops. As the Bluetooth standard emerged successfully into society, the world demanded more. It is reported on Lets Go Digital in an article written by Ilse Jurrien that three new Bluetooth products are qualified every day and 10 million Bluetooth units are shipped per week. Bluetooth is so efficient, effective, and secure that even the IEEE approved the 802.15.1 Standard for Wireless Personal Area Networks.

Keywords— Bluejacking, Bluejackaddict, Bluetooth Exchange, OBEX, vCard.

I. INTRODUCTION

Bluejacking is an attack conducted on Bluetooth-compatible devices, such as smart phones, laptops and PDAs. Bluejacking is instigated by an attacker (termed a bluejacker or bluejackaddict) who forwards unsolicited messages to a user of a Bluetooth-enabled device. When the connection goes through, the bluejacker tries to send a message to the recipient. The actual message sent to the user’s device does not cause detriment, but is used to inveigle the user to react in some manner or add the new contact to the device’s address book. This message-transmitting attack resembles spam and phishing attacks conducted against email users. Bluejacking can be perceived as either infuriating or amusing, though it is relatively risk-free since the recipient has the option to decline. Bluejacking sure makes for an interesting wake-up call in close-knit environments like underground metro trains, buses, malls and cinemas.

II. HISTORY

Bluejacking was allegedly first conducted by a Malaysian IT consultant, ‘Ajack’ (his username on a Sony Ericsson online forum), who used his Bluetooth-enabled phone to publicize Sony Ericsson. He also coined the name, which is an amalgam of Bluetooth and hijacking. While standing in a bank queue, Ajack turned on his Bluetooth, discovered a Nokia 7650 in the vicinity, created a new contact with ‘Buy Ericsson!’ as the first name, and sent that business card to the Nokia phone. The recipient of the Nokia phone standing a few feet away from him was startled to see such an ‘advertisement’. Ajack posted this story on the Sony Ericsson forum and other people started trying it out. Bluejacking has become a rage amid young people keen to play practical jokes. A 13-year-old girl named Ellie from Surrey, UK has created a website called ‘bluejackq’ where people can share their bluejacking experiences.

III. BLUEJACKING TECHNOLOGY

The Bluetooth port of a mobile phone is subject to the threat of a bluejacking attack. The bluejacker carefully crafts the identification that devices exchange during association and then transmits short, deceitful text messages into authentication dialogs. Thus, the bluejacker tricks the user and gains access to the user’s phone book, calendar, or file residing on the device. Bluejacking is based on the following technologies:

A. Bluetooth Technology

1) Bluetooth as a Wireless Technology: Bluetooth, the latest development in wireless communications technology, is a wireless standard that is designed for very short range (less than 10 meters). It is a de facto standard, as well as a specification for short-range radio links. It is most appropriate for communication between computers or mobile devices and peripheral devices, such as to connect a wireless keyboard or mouse to a desktop PC, to send print jobs wirelessly from a portable PC to a printer, or to connect a mobile phone to an earpiece.

2) Usage of Bluetooth: Since Bluetooth devices automatically recognize each other when they get within transmission range, handheld/desktop PCs and mobile devices can always be networked wirelessly when they are within range. Bluetooth signals can transmit through clothing and other non-metallic objects, so a mobile phone or other device in a pocket or briefcase can connect with the user’s Bluetooth headset, without having to be removed from the pocket or briefcase. Some industry experts predict that major household appliances will be Bluetooth-enabled in the future, resulting in an automatic, always connected, smart home.

3) Bluetooth Frequency Specification and Operating Principle: Bluetooth works using radio signals in the 2.4GHz frequency, the same as Wi-Fi, and supports data transfer rates of up to 3Mbps. Once two Bluetooth-enabled devices come within range of each other, their software identifies each other and establishes a link. Because there may be many Bluetooth devices within the range, up to 10 individual Bluetooth networks (called Piconets) can be in place within the same physical area at one time. Each Piconet can connect up to eight devices, for a maximum of 80 devices within any 10-meter radius.

4) Bluetooth as Cable Replacement Technology: Bluetooth is capable of transmitting voice, data, video and still images. It can be used to wirelessly synchronize and transfer data among devices and can be thought of as a cable replacement technology.

5) Future Trends in Bluetooth Technology: The Bluetooth Special Interest Group is an industry group consisting of leaders in the telecommunications, computing, and networking industries that are driving development of the technology and bringing it to market.

B. OBEX Protocol

1) OBEX as the heart of Bluetooth file transfer: The heart of file transfer over Bluetooth is called Object Exchange, or OBEX protocol, a binary file transfer protocol run over not merely Bluetooth but also Infrared and even generic TCP/IP. The Open OBEX project offers the most ubiquitous open source implementations of the protocol.

2) Usage of OBEX: It is a session layer protocol designed to enable systems of various types to exchange data and commands in a resource-sensitive standardized fashion. The OBEX protocol is optimized for ad-hoc wireless links and can be used to exchange all sorts of objects, like files, pictures, calendar entries, and business cards. It also provides some tools to enable the objects to be recognized and handled intelligently on the receiving side.

3) OBEX’s operating functionality and resemblance to HTTP: OBEX is designed to provide push and pull functionality in such a way that an application using OBEX does not need to get involved in managing physical connections. The application only takes an object and sends it to the other side in a “point-and-shoot” manner. This is similar to the role that HTTP serves in the Internet protocol suite, although HTTP is designed more for data retrieval.

4) Devices supported by OBEX:
i. All Palms since Palm III, except the Palm Pre, Palm Pre Plus, Palm Pixi and Palm Pixi Plus.
ii. Most Sharp, Motorola, Samsung, Sony Ericsson, HTC and Nokia phones with an infrared or Bluetooth port.
iii. LG EnV Touch
iv. Many other PDAs since 2003.

C. vCard Functionality

1) vCard as a Standard of Communication: Address Book exchanges contact information with other programs primarily through vCards. vCard is short for virtual business card. More and more email programs send and receive these electronic business cards, which can be identified by their .vcf filename extensions.

2) History: The vCard standard has been around since 1996 and the current version, version 3.0, is specified by the IETF. The vCard or Versitcard was originally proposed in 1995 by the Versit consortium, which consisted of Apple Computer, AT&T Technologies (later Lucent), IBM and Siemens. In December 1996 ownership of the format was handed over to the Internet Mail Consortium, a trade association for companies with an interest in Internet e-mail.

3) vCard Features:
i. vCards are structured blocks of text data that provide what is more or less an electronic business card. The data can include name, address, telephone numbers (home, business, fax, pager, cellular, ISDN, voice, data, video), e-mail addresses and related internet URLs.
ii. vCards can also include graphics and multimedia, including photographs, company logos, audio clips, along with geographic and time-zone information.
iii. vCards are also designed to support multiple languages and are transport and operating system independent.

4) Applications of vCards:
i. Infrared Exchange
ii. Bluetooth Exchange
iii. Internet Mail
iv. Computer/Telephony Applications
v. Video and data conferencing
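The OBEX and vCard descriptions above can be combined into a receiver-side check. The following is an added example, not code from the report: it parses a single OBEX PUT packet, extracts the vCard body, and flags cards whose name field carries a message but no contact details. The header IDs and encodings follow the OBEX specification; the flagging thresholds, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

# OBEX header IDs; the top two bits of each ID select its encoding.
HDR_NAME, HDR_TYPE, HDR_LENGTH, HDR_BODY, HDR_END_BODY = 0x01, 0x42, 0xC3, 0x48, 0x49

def parse_obex_put(packet: bytes) -> dict:
    """Split one OBEX PUT packet into {header_id: value}; ValueError if malformed."""
    total = len(packet)
    if total < 3 or packet[0] & 0x7F != 0x02 or int.from_bytes(packet[1:3], "big") != total:
        raise ValueError("not a complete OBEX PUT packet")
    headers, pos = {}, 3
    while pos < total:
        hid, kind = packet[pos], packet[pos] >> 6
        # kinds 0/1 carry a 2-byte length (ID + length + value); kinds 2/3 are fixed size
        hlen = int.from_bytes(packet[pos + 1:pos + 3], "big") if kind < 2 else (2, 5)[kind - 2]
        start = pos + (3 if kind < 2 else 1)
        if start > pos + hlen or pos + hlen > total:
            raise ValueError("bad header length")
        value = packet[start:pos + hlen]
        if kind == 0:                # null-terminated UTF-16BE text
            value = value.decode("utf-16-be").rstrip("\x00")
        elif kind >= 2:              # 1-byte or 4-byte quantity
            value = int.from_bytes(value, "big")
        headers[hid] = value
        pos += hlen
    return headers

def looks_like_bluejack(headers: dict) -> bool:
    """Heuristic (assumption): sentence-like name and no contact details at all."""
    body = headers.get(HDR_END_BODY) or headers.get(HDR_BODY) or b""
    props = {}
    for line in body.decode("utf-8", "replace").splitlines():
        key, sep, value = line.partition(":")
        if sep:                      # property name without its ;parameters
            props.setdefault(key.split(";")[0].strip().upper(), value.strip())
    name = (props.get("FN") or props.get("N", "")).replace(";", " ").strip()
    wordy = len(name.split()) >= 4 or name.endswith(("!", "?"))
    return wordy and not any(k in props for k in ("TEL", "EMAIL", "ADR"))

def build_put(name: str, vcard: bytes) -> bytes:  # constructed sample: one final PUT packet
    n, t = name.encode("utf-16-be") + b"\x00\x00", b"text/x-vcard\x00"
    hdrs = (struct.pack(">BH", HDR_NAME, 3 + len(n)) + n
            + struct.pack(">BH", HDR_TYPE, 3 + len(t)) + t
            + struct.pack(">BI", HDR_LENGTH, len(vcard))
            + struct.pack(">BH", HDR_END_BODY, 3 + len(vcard)) + vcard)
    return struct.pack(">BH", 0x82, 3 + len(hdrs)) + hdrs

PRANK = b"BEGIN:VCARD\r\nVERSION:2.1\r\nN:You have been bluejacked!\r\nEND:VCARD\r\n"
REAL = b"BEGIN:VCARD\r\nVERSION:2.1\r\nN:Smith;Mary\r\nTEL;CELL:+10000000000\r\nEND:VCARD\r\n"
```

A receiving application could run such a check before showing the "add to contacts" prompt; the heuristic only covers single-packet pushes and is not a substitute for non-discoverable mode.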
IV. PROCESS OF BLUEJACKING

The fundamental course of action of bluejacking is quite concise, trouble-free and effortless. It can be implemented by using the following steps:
Step 1: Go to contacts in the phone book (if using mobile) or address book program like Outlook (if using PCs/laptops).
Step 2: Choose the “New Contact” option. Consecutively, create a new contact.
Step 3: Enter the desired message into the ‘name’ field with which one wants to bluejack the other device. Messages like ‘you have been bluejacked!’ startle the victim.
Step 4: Press Done/OK option. Save this new contact in the phone/address book of mobile phone/laptop respectively.
Step 5: Click on the contact created. Go to action. Choose “via Bluetooth” or “Send to Bluetooth” option.
Step 6: Click the ‘Search’ option for discovering active Bluetooth devices. Select a device from the list.
Step 7: After the selection of the device, the message would be transmitted to it. Henceforth, the device would be bluejacked.

Fig. 1 vCard saved in .vcf format, viewed using ‘Windows Contacts’ application, shows various parameters along with ‘Add to my contacts’ option.

V. BLUEJACKING TOOLS

Bluetooth wireless technology has suffered some bad press and in particular has been associated with a new buzz word ‘Bluejacking’ which has emerged as a potential security issue due to its facilitation of unauthorized access to confidential information. The very phenomenon of Bluejacking has evidently exhibited that Bluetooth is amply vulnerable to attacks. Furthermore, the availability and continuous development of bluejacking tools intensifies the Bluetooth security paradigm. Some of the prime bluejacking tools are:

1) RedFang: A small proof-of-concept application used to find undiscoverable Bluetooth devices.

2) Bluesniff: A proof-of-concept tool for Bluetooth wardriving.

3) Meeting point: Meeting point is the perfect tool to search for Bluetooth devices. One can set the meeting point to a certain channel and combine it with any bluejacking tool. This software is compatible with pocket PC, palm, Windows.

4) Free jack: Free jack is compatible with java phones like Nokia N-series.

5) Btscanner: A Bluetooth scanning program that can perform inquiry and brute-force scans, identify Bluetooth devices that are within range, and export the scan results to a text file and sort the findings.

6) BlueBug: A tool that exploits a Bluetooth security loophole on some Bluetooth-enabled cell phones. It allows the unauthorized downloading of phone books and call lists, and the sending and reading of SMS messages from the attacked phone.

VI. APPLICATIONS OF BLUEJACKING

The insecure “discoverable” mode of Bluetooth provides a vehicle for bluejacking propagation. Amongst the various diversified applications of bluejacking, its use in the advertising domain is significantly popular. Advertising on mobile devices has a momentous potential due to the intimate nature of the devices and the high targeting likelihood. It is an endorsement communiqué conduit.

1) Viral interaction: Bluejacking can be utilized to exploit the communication paradigm between consumers and producers to share content such as text, images, videos and Internet references. Certain brands have already created multimedia content that has very rapidly been circulated around using bluejacking technology. Thus, bluejacking has replaced the conventional advertising via standardized broadcasting medium.

2) Community Activities: Social Networking or gaming events can be facilitated using Bluetooth as a channel for potential participants to converse.
VII. ADVANTAGES

1) A bluejacker will only send a text message, but with modern phones it is possible to send images or sounds.

2) We can easily transfer data from mobile to mobile in a short period.

3) We can enjoy music by wireless headphones through Bluejacking.

VIII. DISADVANTAGES

1) Bluejacking is also confused with Bluesnarfing, which is the way in which mobile phones are illegally hacked.

2) Virus attacks.

Fig. 3 Go to Contacts option.
Fig. 4 Choose ‘New Contact’ option.
Fig. 5 Create a new contact with ‘You Are Bluejacked’ as the name.

IX. CONCLUSION
Bluetooth is a great technology with many useful applications.
At the same time, a variety of Bluetooth hacking tools and
techniques are available, Bluejacking being the most vulnerable
of the lot, which makes it a little riskier to use this technology.
Bluetooth is not going to go away because of a few security
flaws; instead it can be secure if configured properly and used
carefully with a proper understanding of this wonderful
technology.
Best practices to mitigate the Bluejacking threats against the
Bluetooth are: user awareness, disable device when not in use,
use an unidentifiable device name, employ security mode 3 or
4, disable unused services and profiles, set device to non-
discoverable mode when not in use, use non-guessable PIN
codes of at least 12 or more alphanumeric characters and
perform pairing only when absolutely required.
Many users take privacy for granted. Unfortunately, the
Bluetooth system wasn’t intended for confidential purposes.
Although improvement in the domain of Bluetooth security.
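
Several of the best practices listed above (non-discoverable mode, an unidentifiable device name, disabling unused services such as OBEX push) can be checked mechanically. The following is an added example, not part of the report: it audits controller status text in the layout printed by BlueZ `bluetoothctl show`. The choice of BlueZ, the finding labels, the `owner_terms` parameter and both sample outputs are assumptions constructed for illustration.

```python
import re

OBEX_PUSH = "00001105-0000-1000-8000-00805f9b34fb"  # OBEX Object Push service UUID

# Constructed samples in the layout printed by BlueZ `bluetoothctl show`.
WEAK = (
    "Controller 00:11:22:33:44:55 (public)\n"
    "\tAlias: Alice Kumar's Phone\n"
    "\tDiscoverable: yes\n"
    "\tDiscoverableTimeout: 0x00000000\n"
    "\tUUID: OBEX Object Push          (00001105-0000-1000-8000-00805f9b34fb)\n"
)
HARDENED = (
    "Controller 00:11:22:33:44:55 (public)\n"
    "\tAlias: BT-7731\n"
    "\tDiscoverable: no\n"
    "\tDiscoverableTimeout: 0x000000b4\n"
    "\tUUID: Audio Sink                (0000110b-0000-1000-8000-00805f9b34fb)\n"
)

def parse_show(text):
    """Return (fields, advertised service UUIDs) from controller status text."""
    fields, uuids = {}, []
    for key, value in re.findall(r"^[ \t]+(\w+):[ \t]*(.*)$", text, re.M):
        found = re.search(r"\(([0-9a-fA-F-]{36})\)", value)
        if key == "UUID" and found:
            uuids.append(found.group(1).lower())
        elif key != "UUID":
            fields[key] = value.strip()
    return fields, uuids

def audit(text, owner_terms=()):
    """List which of the best practices the controller state violates."""
    fields, uuids = parse_show(text)
    findings = []
    if fields.get("Discoverable") == "yes":
        findings.append("discoverable")
        timeout = fields.get("DiscoverableTimeout", "")
        if timeout and int(timeout.split()[0], 16) == 0:   # 0 = no timeout
            findings.append("never-leaves-discoverable")
    alias = fields.get("Alias", "").lower()
    if any(term.lower() in alias for term in owner_terms):  # hypothetical owner words
        findings.append("identifying-name")
    if OBEX_PUSH in uuids:           # the service bluejacked vCards arrive on
        findings.append("obex-push-advertised")
    return findings
```

Calling `audit(WEAK, owner_terms=("alice", "kumar"))` reports all four findings, while the hardened sample reports none.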
