Bluejacking
What is Bluejacking?
Bluejacking: A largely nuisance-level Bluetooth attack in which an attacker sends unsolicited messages or contacts to nearby discoverable Bluetooth devices.
Bluejacking abuses the OBEX object-push or contact-exchange features of older Bluetooth stacks: an attacker within radio range crafts a vCard or message with a payload in the name field and pushes it to any device whose Bluetooth is discoverable. The result is typically a surprise notification, sometimes used for shock, advertising, harassment, or as a social-engineering pretext. Unlike bluesnarfing or bluebugging, it generally does not give the attacker control or data access. Defences are straightforward: keep Bluetooth disabled or non-discoverable when not pairing, reject pairing requests from unknown devices, keep firmware up to date, and use modern Bluetooth versions with Secure Simple Pairing.
● Examples
- Sending a vCard with a provocative "name" to phones discoverable on a train or in a shopping mall.
- Pushing a fake "You won a prize" contact card to phones in a café as a phishing pretext.
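A defensive sketch of the vCard pattern described above, added here as an example and not taken from any Bluetooth stack or vendor: it inspects the name fields (`N`, `FN`) of a received card and lists the reasons the card reads like a pushed message rather than a contact. The thresholds, word list, function names and sample cards are assumptions constructed for illustration.

```python
import re

# Thresholds and word list are assumptions for this sketch, not values from any standard.
MAX_NAME_LEN = 40
LURE_WORDS = re.compile(r"\b(won|prize|winner|claim|free|click)\b", re.I)
URL_LIKE = re.compile(r"https?://|www\.|\b[\w-]+\.(?:com|net|org)\b", re.I)
CONTACT_PROPS = {"TEL", "EMAIL", "ADR"}


def unfold(vcard_text):
    """Split into logical lines, undoing folding (CRLF followed by one space or tab)."""
    lines = []
    for raw in vcard_text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines


def properties(vcard_text):
    """Yield (NAME, value) pairs with parameters such as ;CHARSET=UTF-8 dropped."""
    for line in unfold(vcard_text):
        head, sep, value = line.partition(":")
        if sep:
            yield head.split(";")[0].upper(), value


def triage(vcard_text):
    """Return reasons a pushed card looks like a message rather than a contact."""
    props = list(properties(vcard_text))
    reasons = []
    for name, value in props:
        if name not in ("N", "FN"):
            continue
        text = value.replace(";", " ").strip()
        if len(text) > MAX_NAME_LEN:
            reasons.append(f"{name}: longer than {MAX_NAME_LEN} characters")
        if URL_LIKE.search(text):
            reasons.append(f"{name}: contains a URL or domain")
        if LURE_WORDS.search(text):
            reasons.append(f"{name}: contains lure wording")
    if not any(name in CONTACT_PROPS for name, _ in props):
        reasons.append("card has no TEL, EMAIL or ADR entry")
    return reasons


# Constructed sample cards (not captured traffic).
BENIGN = "BEGIN:VCARD\r\nVERSION:2.1\r\nN:Lovelace;Ada\r\nFN:Ada Lovelace\r\nTEL;CELL:+15550100\r\nEND:VCARD\r\n"
LURE = "BEGIN:VCARD\r\nVERSION:2.1\r\nN:You won a prize! Reply to claim it at\r\n  www.example.com\r\nEND:VCARD\r\n"
```

An empty list from `triage` means none of the heuristics fired; it does not mean the card is trustworthy.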
● Frequently asked questions
What is Bluejacking?
A largely nuisance-level Bluetooth attack in which an attacker sends unsolicited messages or contacts to nearby discoverable Bluetooth devices. It belongs to the Attacks & Threats category of cybersecurity.
How do you defend against Bluejacking?
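Defences for Bluejacking combine technical controls and operational practices: keep Bluetooth disabled or non-discoverable when not pairing, reject pairing requests from unknown devices, keep firmware up to date, and use modern Bluetooth versions with Secure Simple Pairing, as detailed in the full definition above.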
What are other names for Bluejacking?
Common alternative names include: Bluetooth message spam.