Bluesnarfing
What is Bluesnarfing?
Bluesnarfing: An attack that exploits Bluetooth vulnerabilities to read or copy data (contacts, messages, calendar entries, files) from a nearby device without the owner's consent.
Bluesnarfing targets weaknesses in the OBEX Push, OBEX FTP or PBAP services, which on older or misconfigured Bluetooth stacks were reachable without authenticated pairing. The original attacks simply connected to the OBEX Push service (intended only to receive business cards) and issued OBEX GET requests for well-known object names such as telecom/pb.vcf (the phonebook) and telecom/cal.vcs (the calendar), which the stack served without checking that the client was authorised. An attacker within radio range can thus list and pull objects from the victim's phone (phonebook, SMS, files), making it a confidentiality attack rather than a control attack. Modern devices mitigate this with Secure Simple Pairing and mandatory authentication before profile access, BLE privacy features (resolvable private addresses that make a device harder to single out), per-profile OS permissions with consent prompts, and patched implementations. Defences include disabling discoverability (a device whose address is already known can still be connected to, so patching matters more than hiding), refusing pairings from unknown devices, keeping firmware up to date, and not pairing accessories in untrusted environments.
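The following is an added example, not code from the original page or from any phone vendor's stack. It models the classic snarf in miniature: a toy OBEX Push inbox that wrongly answers GET (so an unpaired client pulls telecom/pb.vcf), the hardened inbox that refuses anything but PUT, and a small detection heuristic. The OBEX packet framing, header IDs, response codes and the telecom/pb.vcf and telecom/cal.vcs object names are standard OBEX/IrMC; the inbox logic, the sample phonebook contents and the is_snarf_attempt heuristic are constructed for this example.

```python
"""Toy OBEX Push service: the bluesnarf pattern beside the fix (constructed example)."""
import struct

# Request opcodes with the "final" bit (0x80) set, as used for single-packet operations.
OBEX_PUT = 0x82
OBEX_GET = 0x83
# Response codes with the final bit set; they mirror HTTP status codes.
OBEX_OK = 0xA0
OBEX_FORBIDDEN = 0xC3
OBEX_NOT_FOUND = 0xC4

# Header IDs. The top two bits give the encoding: 00 = UTF-16BE NUL-terminated text
# with a 2-byte length (Name), 01 = byte sequence with a 2-byte length (Type,
# End-of-Body), 10 = single byte, 11 = four bytes.
HDR_NAME = 0x01
HDR_TYPE = 0x42
HDR_END_OF_BODY = 0x49

# Objects an early-2000s phone exposed over OBEX; the contents here are constructed.
PHONE_OBJECTS = {
    "telecom/pb.vcf": b"BEGIN:VCARD\r\nVERSION:2.1\r\nN:Doe;Jane\r\nTEL:+15555550100\r\nEND:VCARD\r\n",
    "telecom/cal.vcs": b"BEGIN:VCALENDAR\r\nVERSION:1.0\r\nEND:VCALENDAR\r\n",
}


def encode_headers(headers):
    """Serialise a list of (header_id, value) pairs into OBEX header bytes."""
    out = bytearray()
    for hid, value in headers:
        kind = hid >> 6
        if kind == 0:
            data = value.encode("utf-16-be") + b"\x00\x00"
            out += struct.pack(">BH", hid, 3 + len(data)) + data
        elif kind == 1:
            out += struct.pack(">BH", hid, 3 + len(value)) + value
        elif kind == 2:
            out += struct.pack(">BB", hid, value)
        else:
            out += struct.pack(">BI", hid, value)
    return bytes(out)


def build_packet(opcode, headers):
    """Opcode, 2-byte big-endian total length (prefix included), then the headers."""
    body = encode_headers(headers)
    return struct.pack(">BH", opcode, 3 + len(body)) + body


def build_get(name, mime_type="text/x-vcard"):
    """The request a bluesnarf tool sends: GET a well-known object by name."""
    return build_packet(OBEX_GET, [(HDR_NAME, name), (HDR_TYPE, mime_type.encode() + b"\x00")])


def parse_packet(pkt):
    """Return (opcode, {header_id: value}) for one OBEX request or response packet."""
    opcode, length = struct.unpack(">BH", pkt[:3])
    if length != len(pkt):
        raise ValueError("OBEX length field does not match packet size")
    pos, headers = 3, {}
    while pos < length:
        hid = pkt[pos]
        kind = hid >> 6
        if kind in (0, 1):
            hlen = struct.unpack(">H", pkt[pos + 1:pos + 3])[0]
            value = pkt[pos + 3:pos + hlen]
            if kind == 0:
                value = value.decode("utf-16-be").rstrip("\x00")
            pos += hlen
        elif kind == 2:
            value, pos = pkt[pos + 1], pos + 2
        else:
            value, pos = struct.unpack(">I", pkt[pos + 1:pos + 5])[0], pos + 5
        headers[hid] = value
    return opcode, headers


def handle_vulnerable(request, store=PHONE_OBJECTS):
    """Push inbox that also serves GET: the phonebook leaves the phone with no pairing."""
    opcode, headers = parse_packet(request)
    if opcode == OBEX_PUT:
        return build_packet(OBEX_OK, [])
    if opcode == OBEX_GET:
        obj = store.get(headers.get(HDR_NAME, ""))
        if obj is None:
            return build_packet(OBEX_NOT_FOUND, [])
        return build_packet(OBEX_OK, [(HDR_END_OF_BODY, obj)])
    return build_packet(OBEX_FORBIDDEN, [])


def handle_hardened(request, store=PHONE_OBJECTS):
    """Push inbox that only accepts PUT; a GET is refused before any name is looked up."""
    opcode, _headers = parse_packet(request)
    if opcode != OBEX_PUT:
        return build_packet(OBEX_FORBIDDEN, [])
    return build_packet(OBEX_OK, [])


def is_snarf_attempt(request):
    """Constructed detection heuristic: a GET for an IrMC telecom/ object on the Push service."""
    opcode, headers = parse_packet(request)
    return opcode == OBEX_GET and headers.get(HDR_NAME, "").startswith("telecom/")


if __name__ == "__main__":
    req = build_get("telecom/pb.vcf")
    print("vulnerable:", parse_packet(handle_vulnerable(req)))
    print("hardened:  ", parse_packet(handle_hardened(req)))
    print("flagged:   ", is_snarf_attempt(req))
```

The hardened handler makes the decision on the opcode alone rather than on the object name: a Push service has no legitimate reason to answer GET at all, so an allow-list of names would only move the bug. The same rule applies to real stacks, where phonebook access belongs to PBAP behind an authenticated, user-approved pairing, never to the unauthenticated inbox.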
● Examples
- 01
Pulling contacts and SMS from an unpatched phone left in discoverable mode in a meeting room.
- 02
Historical attacks against older Sony Ericsson and Nokia phones whose OBEX Push service answered GET requests for the phonebook and calendar without any authentication.
● Frequently asked questions
What is Bluesnarfing?
An attack that exploits Bluetooth vulnerabilities to read or copy data — contacts, messages, calendar entries, files — from a nearby device without the owner's consent. It belongs to the Attacks & Threats category of cybersecurity.
What does Bluesnarfing mean?
An attack that exploits Bluetooth vulnerabilities to read or copy data — contacts, messages, calendar entries, files — from a nearby device without the owner's consent.
How do you defend against Bluesnarfing?
Defences for Bluesnarfing combine technical controls (a patched Bluetooth stack, Secure Simple Pairing, per-profile permissions that require consent before phonebook or message access) with operational practice (discoverable mode off, pairing only with known devices and never in untrusted environments), as detailed in the full definition above.
What are other names for Bluesnarfing?
Common alternative names include: Bluetooth data theft.