Bluesnarfing vs Bluejacking: Here’s Everything You Need To Know About it
Bluetooth is a high-speed, short-range wireless technology that allows the exchange of data between various devices. As essential as Bluetooth can be to provide us with ease of connecting to different devices, one thing you need to understand is that it also has its issues.
One of the few issues with Bluetooth is that it can present major security concerns. No doubt, Bluetooth security vulnerabilities aren’t as severe as those of other wireless networks. However, it’s worth noting that they can allow hackers to gain access to your data. While several different security risks can occur as a result of Bluetooth vulnerabilities, the two most common ones are Bluesnarfing and Bluejacking.
Bluejacking is a technique used for sending unsolicited messages to another Bluetooth device. On the other hand, Bluesnarfing is a strategy utilized by hackers to illegally acquire data from a device connected to certain Bluetooth connections.
Bluesnarfing and Bluejacking are two different security risks that result from Bluetooth vulnerabilities. In the rest of this article, I’ll be performing a face-off between the two of them so you can fully understand their differences. So, without further ado, let’s dive right in.
Here’s What You Need to Know About Bluesnarfing?
In March 2013, Google was able to pay a total of $7 million as a settlement fee for an unsolicited collection of wireless data. Although the intention of the search engine giant wasn’t theft, several people across the world condemned them for Bluesnarfing.
As earlier mentioned, Bluesnarfing is a technique employed by hackers to steal data or sensitive information from devices connected to a Bluetooth connection. This particular approach is common to desktops, mobile computers, smartphones, tablets, and personal digital assistants (PDAs).
Discovery of bluesnarfing
According to research, bluesnarfing started becoming a widely used technique among hackers in September 2003. At the time, the attack was first observed by researcher Marcel Holtmann.
However, Holtmann’s evidence didn’t become popular until Adam Laurie of A.L. Digital’s independent investigations discovered the same vulnerability in November 2003. While testing the security of Bluetooth-compatible devices, Laurie found a bug that makes bluesnarfing possible.
After the discovery, Laurie published on the Bugtraq blog a vulnerability disclosure notification. Of course, the purpose of the publication is to keep Bluetooth device manufacturers aware of Bluesnarfing.
How does bluesnarfing work?
To understand how bluesnarfing attacks work, let me start by briefly explaining the working principle behind Bluetooth.
For Bluetooth-compatible devices to communicate easily with another, they need to rely on the Object Exchange (OBEX) protocol. However, this protocol has security vulnerabilities, which allow hackers or attackers to gain unauthorized access to sensitive data using various tools, an example is Bluediving.
That said, to set up and run a bluesnarfing attack, hackers need to take advantage of the various vulnerabilities present in the OBEX protocol. They do that by connecting to various services – those that don’t require authentication while requesting information. Furthermore, as soon as the OBEX protocol is successfully compromised, a hacker can gain access to sensitive data belonging to other Bluetooth-enabled devices by pairing with them without the owner’s permission.
Here’s What You Need to Know About Bluejacking?
Bluejacking, as previously defined, is a technique used by hackers to send unsolicited messages as well as business cards and pictures, to other Bluetooth-compatible devices. As we all know, Bluetooth is a high-speed, short-range wireless technology. Since that’s the case, you need to understand that bluejacking will only work if your device is about 10 meters from Bluejacker’s Bluetooth-compatible device.
Simple steps for launching a bluejacking attack
For hackers to set up a bluejacking attack, here are some of the straightforward steps they usually employ:
- It all starts with the hacker choosing an area on his phone with plenty of mobile users – most likely the “Contact menu.”
- Next, he opens the contact menu and creates a new contact.
- Instead of saving a name and number at the appropriate fields, the hacker will proceed to save messages in the “name field.”
- Upon saving the messages (or business card), the hacker then chooses “send via Bluetooth” – this will allow Bluetooth to search for nearby devices for pairing.
- Next, the hacker will choose any nearby Bluetooth-compatible device and send the already saved messages.
- Lastly, the message will go directly to the recipient with the Bluetooth-compatible device chosen by the hacker. Of course, he or she will have zero clues as to the sender of the message.
The Face-Off: Bluesnarfing vs Bluejacking
Now, it’s time to begin the face-off between bluesnarfing and bluejacking.
First, unlike Bluesnarfing that involves the unauthorized hacking of people’s devices, Bluejacking doesn’t encourage hacking. According to the code of ethics of bluejacking, it’s an offense to gain unauthorized access to devices.
- Are they illegal?
Although Bluejacking involves sending unsolicited messages or business cards to active Bluetooth-connected devices, you need to understand that the technique isn’t illegal. However, this is never the case for Bluesnarfing as it involves illegally stealing sensitive data or information belonging to other people.
- Implementation cost
Another difference between Bluesnarfing and Bluejacking can be seen in their implementation. cost.
Starting with bluesnarfing, you need to understand that the technique requires implementation cost. At least, the hacker will have to pay for relevant tools to get the job done. However, bluejacking requires zero implementation cost; all that’s required is a Bluetooth-compatible device.
How to Prevent the Attacks?
There are a few ways to prevent yourself from being a victim of bluejacking and bluesnarfing.
- First, whenever you find yourself in public locations, ensure to disable your Bluetooth.
- Another way to prevent both attacks is by ensuring your Bluetooth is always on invisible mode.
- By performing regular updates on your Bluetooth-enabled device, you can also prevent attacks.