November 06, 2003

Are You Ready for Bluejacking?

It seems there's no end to the imagination of high-tech cell phone users. First there was cell phone camera "voyeurism", which prompted a number of organizations to ban or otherwise restrict them (think potential trade secret and other leaks). So much so that cell manufacturers are now being asked to sell special editions without the cameras to various organizations. But enough on the cameras.

"Bluejacking" is the latest craze. In essence, it's a way to surreptitiously send messages to strangers, from one Bluetooth-enabled cell phone to another. For example, your Bluetooth phone mysteriously receives a message, "You've been Bluejacked!" Gizmodo has a nice summary of the process. Ironically, it's actually done by sending a new contact record to another phone that's in "discoverable" mode, but it appears to the recipient as a message. That's because the sender types the message into the name field. At this point, it sounds like a harmless prank to watch people's puzzled reactions or perhaps a clever way to break the ice with an attractive stranger. But if you're like me, the idea of leaving one's device open to pranksters doesn't generate any warm fuzzies.

In the U.S., Bluetooth phones have not truly taken off yet, so most people don't have to worry for now. This is really quite similar conceptually to what happened with open Wi-Fi access points. Either people don't realize they can enable simple security or they don't want to because the lack of security makes it easier to connect devices on the fly -- which enables Bluejackers to have their bit of fun. At least the good news is that Bluetooth is a short-range radio technology, with a range of only 30 to 40 feet, but newer developments are extending its range. That's about the same range for cell phone cameras, and look at the mischief it's caused.

And in case you were wondering, yes, there are more than a few people who find this quite amusing and can't wait to try it -- it's the latest tech craze. Just check out the forum chat at Mobiledia.

My suggestion is that if you have a Bluetooth-enabled device (who said this is only limited to cell phones?), I'd recommend searching through its settings, or heaven forbid, read the manual to see whether there are any password features worth enabling. If necessary, one can disable the security if things aren't connecting when desired. With the possible exception of Bluetooth wireless headsets, I'll wager that most Bluetooth cell phone owners are not even using their Bluetooth connection most of the time. So it just makes sense to close the open hole.

Again, this seems like a bit of harmless fun at the moment, rather like the digital equivalent of "ding dong ditch" or prank phone calls. Although it's possible some miscreant could find more serious implications. Thus if you'd like to learn more about Bluejacking, head on over to BluejackQ, which further explains Bluejacking and freely offers the steps, tips, and tricks for the Bluejacker wannabe.

Topic(s):   Mobile Tech & Gadgets  |  Privacy & Security
Posted by Jeff Beard