1. PRESENTED BY : HAMMAD KHAN
MUHAMMAD ADEEL
MUZAMMIL NAZ
MASOOD KARIM
BLUEJACKING
2. TABLE OF CONTENTS
• Bluejacking
• History
• Bluejacking technology
• Places where Bluejack occurs Stats
• How it works
• How to Prevent Being Bluejacked
• Good Practices for Bluetooth Enabled Devices
• References
3. Section : A
Bluejacking , History , Bluejacking technology & Places
where Bluejack occurs statistics
Presented By : Masood Karim
Let’s Start
4. BLUEJACKING
• Bluejacking is a hacking method that allows an individual to send
anonymous messages to Bluetooth-enabled devices within a certain
radius.
• First, the hacker scans his surroundings with a Bluetooth-enabled
device, searching for other devices. The hacker then sends an
unsolicited message to the detected devices.
• Bluejacking is also known as blue hacking.
5. HISTORY
• “Ajack” (Malaysian IT Consultant) posted a comment on a mobile phone forum.
• Ajack told IT Web that he used his Ericsson cell phone in a bank to send a message to someone with a
Nokia 7650.
• Ajack did a Bluetooth discovery to see if there was another Bluetooth device around.
• Discovering a Nokia 7650, he created a new contact, filled in the first name with ‘Buy Ericsson!’ and
sent a business card to the Nokia phone.
6. BLUEJACKING TECHNOLOGY
• Bluetooth technology : Bluetooth is a wireless technology standard for exchanging data over short
distances from fixed and mobile devices, and building personal area networks
• vCard : vCard, also known as VCF (Virtual Contact File), is a file format standard for electronic business
cards. vCards are often attached to e-mail messages, but can be exchanged in other ways, such as on the
World Wide Web or instant messaging. They can contain name and address information, telephone
numbers, e-mail addresses, URLs, logos, photographs, and audio clips.
• OBEX protocol : OBEX (abbreviation of OBject EXchange, also termed IrOBEX) is a communications
protocol that facilitates the exchange of binary objects between devices. It is maintained by the Infrared
Data Association but has also been adopted by the Bluetooth Special Interest Group
7. PLACES WHERE BLUEJACK OCCURS
[Bar chart of bluejacking occurrences by place: Home; Cafes; Public transportation; Stores and shopping malls; Restaurants; Bars]
8. Section : B
How Bluejack works , How to Prevent Being Bluejacked & Good
Practices for Bluetooth Enabled Devices
Let’s Start
Presented By : Muhammad Adeel
9. HOW DOES THIS WORK
• Step 1 – Create a new contact on the mobile phone’s contact list.
• Step 2 – Enter a “Bluejacking” message in the name field such as, “I am a master Bluejacking specialist.”
• Step 3 – Choose the new contact and select the “Send via Bluetooth” menu option. The purpose of this
option on mobile phones is to forward contact data to others.
• Step 4 – The phone will now display a list of devices that are in its range. If the phone cannot find a
device, it just means that it is not in range of a Bluetooth enabled device. Select a contact from the
listing and send a message.
• Step 5 – If a user chooses to Bluejack other devices, he/she should be aware of the security laws in
his/her place of residence. In some locations, sending unsolicited messages via Bluejacking may be
illegal.
10. HOW TO PREVENT BEING BLUEJACKED
• To prevent being Bluejacked, disable Bluetooth on the mobile device when not in use.
• With Bluetooth disabled, the device will not show up on a “Bluejacker’s” phone when he/she attempts to send a message, and
messages do not queue up.
• Buy an E2X bag: it blocks all transmitted and received signals from passing through the bag.
11. GOOD PRACTICES FOR BLUETOOTH ENABLED DEVICES
• Whether someone is unwilling to partake in Bluejacking or just does not want to be bothered with
these messages, the following are some good practices to consider:
• Do not reveal an identity when either sending or receiving Bluejacked messages.
• Never threaten anyone.
• Never send messages that can be considered abusive.
• Never reveal personal information in response to a Bluejacked message.
• Disable Bluetooth while away from one’s car or home in order to prevent Bluejacked messages.
• If a Bluejacking message is received, delete the message instead of accepting it or it will be added to the
device’s address book.
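A bluejack message arrives as a vCard whose name field carries the text, so a receiving device or a reviewer can screen a pushed card before it is accepted into the address book. The following is an added example, not part of the original presentation: the function names, the indicator thresholds and the sample cards are assumptions constructed for illustration.

```python
import re

# Properties that carry actual contact data. A pushed card with none of them
# is just free text in the name field, which is how a bluejack message arrives.
CONTACT_PROPS = ("TEL", "EMAIL", "ADR", "URL", "ORG")

def parse_vcard(text):
    """Return {PROPERTY: [values]} for one vCard, unfolding folded lines."""
    unfolded = re.sub(r"\r?\n[ \t]", "", text)
    props = {}
    for line in unfolded.splitlines():
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        # Strip parameters (";TYPE=CELL") and any group prefix ("item1.").
        prop = name.split(";", 1)[0].split(".")[-1].upper()
        props.setdefault(prop, []).append(value.strip())
    return props

def bluejack_indicators(text):
    """List heuristic indicators (assumed thresholds) for one received card."""
    props = parse_vcard(text)
    # Prefer the formatted name; otherwise flatten the structured N field.
    raw = props.get("FN") or props.get("N") or [""]
    name = " ".join(raw[0].replace(";", " ").split())
    hits = []
    if not any(v for p in CONTACT_PROPS for v in props.get(p, [])):
        hits.append("no_contact_data")
    if re.search(r"[!?]", name):
        hits.append("message_punctuation")
    if len(name.split()) > 3:
        hits.append("long_name")
    return hits

def looks_like_bluejack(text):
    """Flag only cards with no contact data AND a message-like name."""
    hits = bluejack_indicators(text)
    return "no_contact_data" in hits and len(hits) >= 2

# Constructed sample cards; the message texts are the ones quoted in the slides.
SAMPLES = {
    "slogan": "BEGIN:VCARD\r\nVERSION:2.1\r\nN:Buy Ericsson!\r\nEND:VCARD\r\n",
    "greeting": "BEGIN:VCARD\nVERSION:2.1\nFN:Hi you've been bluejacked\nEND:VCARD\n",
    "contact": "BEGIN:VCARD\nVERSION:3.0\nFN:Maria de la Cruz Fernandez\n"
               "TEL;TYPE=CELL:+1-555-0100\nEND:VCARD\n",
    "name_only": "BEGIN:VCARD\nVERSION:2.1\nN:Doe;Jane\nEND:VCARD\n",
}

if __name__ == "__main__":
    for label, card in SAMPLES.items():
        print(label, bluejack_indicators(card), looks_like_bluejack(card))
```

A card that carries a real phone number is never flagged, even with a long name, and a bare name with no message-like features is left alone as well.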
13. BLUESNARFING
• The Bluesnarfing attack is much more damaging than the bluejacking technique as it enables you to
wirelessly connect to Bluetooth-enabled mobile phones without the owner's knowledge and
copy the mobile phone's address book, SMS messages and call logs.
• Most bluesnarfing tools are downloaded as JAR files.
• The Bluesnarfing technique works like the Bluejacking technique by making use of the exchange of
business cards. This exchange is done using the OBEX protocol and enables the Bluetooth machine to
connect to the device which needs to be compromised, but instead of exchanging a business card, it
requests information (the phonebook file, the call logs etc.) from the target.
14. BLUECASTING
• Advertising to users with Bluetooth cellphones.
• As people walk within the vicinity of a store and Bluetooth is turned on in their phones, a message can
be sent to the phone that entices them to come inside.
15. BLUEBUGGING
• The Bluebugging attack is more powerful than the bluejacking and bluesnarfing attacks.
• It allows the attacker to take complete control of your mobile phone without the user knowing
anything about it.
• The attacker can make phone calls and listen to conversations where the phone is located. Bluesnarfing capabilities
also exist in bluebugging tools, like copying the phone book and the phone's call list.
16. HOW TO BLUEJACK
• 1. Find a busy place where lots of mobile phones might be, such as shopping centres, trains, bars or
cinemas
• 2. Create a new entry in your phone's address book like 'Hi you've been bluejacked'. Attach a picture if
you want to.
• 3. Search the area for other Bluetooth phones to contact and choose one.
• 4. Send your message. They then receive the message, 'Hi you've been bluejacked'.
• 5. Keep a look out for when your 'victim' gets the message and the puzzled look on their face.
17. Section : D
Security Tips to prevent attacks , Uses of Bluejacking & Code Of
Ethics
Presented By : Hammad Khan Laghari
Let’s Start
18. SECURITY TIPS TO PREVENT ATTACKS ON MOBILE PHONES:
• Enable Passcode Lock on Your phone
• The most basic precaution you can take is to enable passcode lock and set it to automatically engage after a brief period
of inactivity. By default, a passcode is not required to unlock the phone.
• Most people would put off this security measure for ease of use and convenience. However, the truth is that once you
have it enabled, it becomes second nature and you would not notice any difference. It is recommended that you set a
strong passcode. In the event of a physical theft, this will increase the effort required to compromise your phone.
• Disable Features That Could Be Accessed Without Entering the Passcode
• This would prevent the use of applications from your phone without your knowledge.
• Disable geotagging on the phone.
• This will prevent attackers from finding out where you are located.
19. CONTINUE
• Erase All the Data Before Return, Repair, or Resale of Your phone.
• Erase all confidential information so that attackers cannot retrieve your personal information.
• Regularly Update the phone's Firmware or Operating system.
• This will enable you to get the latest security features for your mobile phones.
• Disable Bluetooth When Not in Use
• Disabling Bluetooth when not in use will prevent attackers from getting access to your phone when not in use.
20. USES OF BLUEJACKING
• Busy shopping center
• Starbucks
• Train Station
• High Street
• On a train/ tube/ bus
• Cinema
• Café/ restaurant/ pub
• Mobile phone shop
• Electronics shop (e.g. Dixons)
22. Thank You Everyone, Hope You’ve Found Useful Information
Presenter : Hammad Khan , Muhammad Adeel , Muzammil Naz & Masood Karim
Technology is a useful servant but a dangerous master.
23. FOR PRESENTER INFORMATION
• Bluetooth Special Interest Group (SIG) is the body that oversees the development of Bluetooth
standards and the licensing of the Bluetooth technologies and trademarks to manufacturers
• The Bluetooth protocol stack is split in two parts: a "controller stack" containing the timing critical radio
interface, and a "host stack" dealing with high level data. The controller stack is generally implemented
in a low cost silicon device containing the Bluetooth radio and a microprocessor. The host stack is
generally implemented as part of an operating system, or as an installable package on top of an
operating system.
24. FOR PRESENTER INFORMATION
• Connection Type: Spread Spectrum (Frequency Hopping) & Time Division Duplex (1600 hops/sec)
• Spectrum: 2.4 GHz ISM Open Band (79 MHz of spectrum = 79 channels)
• Modulation: Gaussian Frequency Shift Keying
• Transmission Power: 1 mW – 100 mW
• Data Rate: 1 Mbps
• Range: 30 ft
• Supported Stations: 8 devices
• Data Security – Authentication Key: 128 bit key
• Data Security – Encryption Key: 8-128 bits (configurable)
• Module size: 9 x 9 mm