Security

What is bluejacking, and how can you stay safe from it?

Jacob Fox

Jun 7, 20249 min read

What is bluejacking, and how can you stay safe from it? Header image

Bluejacking is where an attacker sends an unsolicited pop-up message to you over Bluetooth. This can be done for a number of reasons. Most of these reasons are relatively harmless, but sometimes, bluejacking can be done to try to steal your personal information or install malware on your device.

If you want to know how bluejacking works, how you can spot it, and what you can do about it, read on.

What is bluejacking in cybersecurity? 

The bluejacking definition, also known as Bluetooth hijacking or bluejacking, is a cyberattack in which someone sends content to your Bluetooth device without your consent. This is usually a pop-up pairing request that includes a message.

While it’s usually less of a threat than other types of hacking, social engineering, scamming, and cybersecurity attacks, bluejacking still poses a risk.

Bluejacking may be used as a relatively harmless prank or to advertise products or services via spam messages, but it can also be used to try to get you to click on a sketchy phishing link that will steal your data or install malware on your device.

The origin of bluejacking

IT Web reported the first known instance of bluejacking in 2003. According to the publication, the first person to bluejack was a Malaysian IT consultant who went by the name “Ajack” on online forums, and he did it as a prank when he was bored.

According to IT Web, while in a bank queue, “Ajack did a Bluetooth discovery to see if there was another Bluetooth device around. Discovering a Nokia 7650 in the vicinity, he created a new contact and filled in the first name with ‘Buy Ericsson!’ and sent a business card to the Nokia phone.” The Nokia user received the Bluetooth message.

After sharing his story online, others started pranking using bluejacking. Over the years, however, and as more and more people became aware of bluejacking, the technique started to be used for more nefarious purposes, such as phishing attempts.

How does bluejacking work?

Bluejacking techniques are simple and straightforward to perform compared to other cyberattack methods.

First, the bluejacking attacker scans for discoverable Bluetooth devices. Because most Bluetooth devices can only connect to other devices via Bluetooth up to about 30 feet away, bluejackers must do this in person, usually in crowded places such as shopping malls, where they’re more likely to discover vulnerable devices.

Once they find a discoverable Bluetooth device, they send a Bluetooth pairing request to the victim. As part of this request, they include a message. The goal is to get the victim to read or interact with this message, which might, for example, be an advertisement, a prank message, or a phishing link.

What is the difference between bluejacking and bluesnarfing?

While both bluejacking and bluesnarfing are Bluetooth cyberattacks, bluesnarfing is much more dangerous and nefarious than bluejacking.

Bluesnarfing is when an attacker secretly connects to your device over Bluetooth or listens in to your data transmissions over Bluetooth, and accesses your personal information such as your emails, photos, and text messages. It’s called bluesnarfing because it’s done over Bluetooth, and “snarfing” is a techie term referring to data copying that often requires no user interaction (i.e., that can be done in secret).

Here are some of the main differences when comparing bluejacking vs. bluesnarfing:

  • Data access: Attacks attempt to access your private data, such as your emails, photos, contacts, and messages. Bluejacking attacks can’t directly give access to your data.
  • Done in secret: Bluesnarfing attacks occur in secret, during which the attacker can steal your information without you being aware of it. Bluejacking attacks, on the other hand, are always visible because a message is sent to your device.
  • Diverted calls and texts: Bluesnarfing attacks can sometimes be used to divert calls and texts from your device to the attacker’s.
  • Sophisticated hacking tools: Unlike bluejacking attacks, bluesnarfing attacks use sophisticated hacking tools. One common tool that hackers use is Bluediving, a Bluetooth penetration testing tool that uses exploits such as BlueBug and BlueSnarf.
An image depicting a black hat hacker.
Image: Pexels.

How does bluejacking differ from bluesmacking?

Like bluejacking and bluesnarfing, bluesmacking is a cyberattack performed over Bluetooth. Bluesmacking, however, seeks to disrupt a device rather than steal information or send unsolicited messages.

Bluesmacking attacks are denial-of-service (DoS) attacks performed over Bluetooth. DoS attacks flood a target device, system, or server with too many data packets or data packets that are too large. This causes the device, system, or server to stall, shut down, or stop sending and receiving legitimate data. These attacks are sent over Bluetooth’s L2CAP protocol layer.

Here are some of the main differences when comparing bluejacking vs. bluesmacking:

  • Unresponsive device: The goal of bluesmacking is usually to make the target device unresponsive or at least to disrupt the device from functioning normally. Bluejacking attacks, on the other hand, just seek to display a pop-up message.
  • Done in secret: Like with bluesnarfing, bluesmacking is often done in secret, without the victim’s knowledge. Bluejacking, however, involves sending a message to the victim in the hopes they see it.
  • No theft of personal information: While bluejacking doesn’t directly give access to a victim’s personal information, it’s often done with the intent of stealing it, for example, by getting them to click on a phishing link. Bluesmacking, however, only seeks to disrupt the target device.
  • Sophisticated hacking tools: While bluesmacking tools aren’t as sophisticated as bluesnarfing tools, bluesmacking technology is more sophisticated than bluejacking technology. One common bluesmacking tool is l2flood, which uses the linux command l2ping.

Examples of bluejacking attacks

Bluejacking attacks can be done for all kinds of reasons, but some are more common than others. Here are some of the most common examples of bluejacking attacks:

  • Business advertisements: Someone might use bluejacking to send an unsolicited advertisement to your phone, which pops up as a Bluetooth message. Because Bluetooth attacks are close-range, such advertisements will likely be for a local business or service.
  • Phishing links: Someone might use bluejacking to send you a phishing link under a pretext, for example, by telling you you’ve won a prize and should click on the link to claim it. When you click on the link, the website will install malware on your device or try to steal your personal information.
  • Accessing your device: While uncommon, a bluejacking attack might be used to attempt to set up a bluesnarfing attack. The attacker might send you a Bluetooth message in the hopes you accept the pairing request. Then, when your device is paired with theirs, they’ll try to access your personal files and information.
  • Harmless pranks: Bluejacking in cybersecurity might be used to perform a harmless prank, to surprise someone with an unsolicited message. This was the original purpose of bluejacking.
  • Explicit pranks: Bluejacking might be used to perform pranks that are more harmful, for example, to send unsolicited, nasty messages or those that contain explicit material or links to explicit content.

How can you spot a bluejacking attack?

Bluejacking attacks are pretty simple to spot once you know what to look out for. Here are some of the most common signs of a bluejacking attack.

Unknown Bluetooth messages

The first and most obvious sign of a bluejacking attack is that you’re receiving unknown Bluetooth messages. These messages might appear as pop-ups on your phone under a request to pair your device to another one over Bluetooth.

Unfamiliar Bluetooth devices

Bluejacking attackers often send multiple messages and multiple requests, so it’s possible that you could accept a pairing request from them without realizing it.

If you’ve done so, you should see their device in the list of Bluetooth devices connected to your own in your Bluetooth settings. If you notice any unfamiliar Bluetooth devices on this list, you might be getting targeted by a bluejacking attack.

Local advertisements

Bluejacking attacks are often used to advertise local businesses, products, and services. If, for example, you notice an unsolicited pop-up on your phone advertising a local takeout restaurant, this might be a bluejacking attack.

Some bluejacking attacks attempt to get you to click suspicious links, which will be used to collect your personal information or install malware on your device. Any unsolicited link appearing on your device should be treated with caution. If it appears as a pop-up Bluetooth message, then this is likely a bluejacking attack.

Generic greetings

If a message is from a legitimate person you know or a service or organization you have an account with, it should address you by name. Bluejacking messages, however, will usually address you generically, perhaps with a simple “hello” or a “sir/madam.”

Urgency

One common social engineering technique that phishing scammers will use is to create a sense of urgency so you don’t pause to consider the legitimacy of the message you’ve received.

This applies to bluejacking messages, too. If a Bluetooth message pops up and tries to scare you into urgently doing something, such as following a link, it’s probably a bluejacking attack.

An image of an iPhone with social media apps.
Photo: Pexels. iPhone is a trademark of Apple Inc.

How to protect yourself from bluejacking

Just as bluejacking attacks are easy to spot, they are also easy to protect yourself from. Here are some simple and easy ways to stay safe from bluejacking in cybersecurity.

Disable Bluetooth discovery

Bluejacking attacks rely on your device being discoverable over Bluetooth. As such, keeping your device hidden from Bluetooth searches can prevent it from being targeted by a bluejacking attack.

Most devices have a way to disable Bluetooth discovery, making them hidden from Bluetooth searches. An iPhone, for example, should have Bluetooth discovery disabled by default. It will only be enabled if you enable the option on the Bluetooth Settings page.

Unpair Bluetooth devices

If you’re worried that you might be the target of a bluejacking attack, it’s best to unpair all your Bluetooth devices just in case one of these is the attacker’s. (Maybe you accepted a pairing request without realizing it.)

On iPhone, you can unpair Bluetooth devices by going to Settings > Bluetooth, then selecting a device and pressing Forget This Device.

Turn off Bluetooth

One sure way to ensure that your device can’t be targeted by a bluejacking attack is to turn off Bluetooth. Most devices have an easy way to temporarily disable Bluetooth. For example, on iPhone, you can press the Bluetooth icon in the drop-down notification panel to turn off Bluetooth for the day. You can do this when visiting busy places where a bluejacker is more likely to target.

Bluejacking messages often include a suspicious link with a message that tries to trick you into clicking on it. It’s best to ignore unsolicited Bluetooth messages altogether, but you should certainly not click on any unsolicited links because they could take you to a website that steals your data or installs malware on your device.

While a website might look legitimate, it could be a fake copy of a real one that’s sending everything you enter, including your login or banking information, back to the attacker.

Keep your devices up-to-date

Bluejacking can become a serious cybersecurity concern when it’s used as a precursor to something more serious such as a bluesnarfing attack. These more serious attacks often rely on devices using exploitable Bluetooth protocols and services. Keeping your device up-to-date and ensuring that all security updates are installed should reduce the risk of such attacks.

Check for malware

If you’ve clicked on a link from a bluejacking attack, you should scan for malware just in case the website you visited installed it on your device. You can use a simple tool such as CleanMyMac powered by Moonlock Engine to scan for malware and remove any malicious software that it finds from your device.

Bluejacking attacks involve sending unsolicited messages to your device over Bluetooth. While these attacks are usually more annoying than dangerous, they can be used to try to get you to click on links to websites that steal your information, or they can be a precursor to something scarier, like a bluesnarfing attack.

Thankfully, there’s plenty you can do to protect yourself from bluejacking. You should avoid interacting with any unsolicited pop-up Bluetooth messages, especially if they contain links or attachments. And if you don’t want to receive these messages in the first place, disable your Bluetooth or make your device undiscoverable by Bluetooth.

This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by the Bluetooth Special Interest Group. Bluetooth is a trademark of the Bluetooth Special Interest Group.

Jacob Fox Jacob Fox
In addition to being an academic, Jacob is a lifelong technology expert and cybersecurity writer who has helped his readers understand information security for almost five years. He has written for TechRadar, PCGamer, and other online technology publications.