2. PAGE OF CONTENTS
• Introduction
• Origin
• OBEX Protocol
• OBEX Objects
• How to Bluejack
• Bluejacking Software
• Usage and Related Concepts
• Preventive Measures
• Future Aspects
• Code of Ethics
• Conclusion
3. INTRODUCTION
• Bluejacking is a hacking method that involves sending unsolicited messages
over Bluetooth to Bluetooth-enabled devices. Bluejacking allows phone users to
send business cards anonymously using Bluetooth wireless technology. Bluejacking
does not involve the removal or alteration of any data from the device.
• Unsolicited - Message transmitted in response to a locally occurring event.
• Bluetooth has a very limited range, usually around 10 meters on mobile phones,
but laptops can reach up to 100 meters with powerful transmitters. Bluejacking also
means sending a vCard, which typically contains a message in the name field
(i.e. for blue dating or blue chat), to another Bluetooth-enabled device via the
OBEX protocol.
4. ORIGIN
Bluejacking was reportedly first carried out by a Malaysian IT consultant who used his phone to
advertise Sony Ericsson. Becoming bored while standing in a bank queue, Ajack did a Bluetooth
discovery to see if there was another Bluetooth device around. Discovering a Nokia 7650 in the
vicinity, he created a new contact and filled in the first name with 'Buy Ericsson!' and sent a business
card to the Nokia phone.
“A guy a few feet away from me suddenly had his 7650 beep. He took out his 7650 and started
looking at his phone. I couldn't contain myself and left the bank,” he says.
He also invented the name, which he claims is an amalgam of Bluetooth and Ajack, his username on
Esato, a Sony Ericsson fan online forum. Jacking is, however, an extremely common shortening of
hijack, the act of taking over something.
5. OBEX PROTOCOL
• OBJECT EXCHANGE is a transfer protocol that defines data objects and a
communication protocol for devices that can exchange data and commands
in a resource-sensitive standardized fashion.
• This technology works over Bluetooth and Infrared Data Association (IrDA)
protocols. OBEX is primarily used as a push or pull application. The typical
example could be an object push of business cards to someone else.
• It performs a function that is similar to Hypertext Transfer Protocol (HTTP), but
it does not require the resources that an HTTP server requires, making it
perfect for low-end devices with limited resources.
6. VERSITCARD
• A vCard is an electronic business (or personal) card
and also the name of an industry specification for the
kind of communication exchange that is done on
business or personal cards.
• vCards are often attached to e-mail messages, but
can be exchanged in other ways, such as on the
World Wide Web. They can contain name and
address information, phone numbers, URLs, logos,
photographs, and even audio clips.
• vCard was developed by a consortium founded by
Apple, AT&T, IBM, and Siemens, which turned the
specification over to an industry group, the Internet
Mail Consortium (IMC) in 1996.
7. OBEX
• The figure to the right depicts part of the hierarchy of the Bluetooth
architecture and shows the placement of the OBEX protocol and the
application profiles using it.
• The protocol can also communicate with the service discovery DB even
though the figure does not show it.
8. OBEX OBJECTS
• OBEX works by exchanging objects, which are used for a variety of purposes:
establishing the parameters of a connection, sending and requesting data,
changing the current path or the attributes of a file.
• Objects are composed of fields and headers. As an example, the following may
be the object used for requesting the phonebook from a mobile:
9. PROTOCOLS
The following protocols run over OBEX, or have bindings to do so:
1. OBEX Push: Used for transferring a file from the originator of the request to the
recipient.
2. OBEX File Transfer Protocol: Used to store and retrieve files.
3. Phonebook Access: Similar to file transfer, but uses a target. Phonebook entries
can be listed and retrieved from certain directories.
4. IrMC: Used to exchange phonebook entries, calendar notes, messages, etc., in
its connected form.
5. SyncML: Used to synchronize phonebooks, calendars, notes and other data.
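The field-and-header layout of an OBEX object, as an added example that is not part of the original slides: a parser for one OBEX Push packet that decodes its headers and reads the name field of the vCard it carries. The sample packet, the file name `msg.vcf` and the function names are constructed for illustration; the header IDs and the PUT opcode are the standard OBEX values.

```python
import struct

HEADER_NAMES = {0x01: "Name", 0x42: "Type", 0xC3: "Length", 0x49: "End-of-Body"}

def parse_obex_packet(packet: bytes):
    """Decode one OBEX request packet into (opcode, final_bit, headers)."""
    if len(packet) < 3:
        raise ValueError("truncated OBEX packet")
    opcode, total = struct.unpack(">BH", packet[:3])
    if total != len(packet):
        raise ValueError("length field does not match packet size")
    headers, pos = {}, 3
    while pos < total:
        hid, kind = packet[pos], packet[pos] >> 6
        size = {2: 2, 3: 5}.get(kind, 3)  # top two ID bits select the encoding
        if pos + size > total:
            raise ValueError("truncated header")
        if kind in (0, 1):  # 2-byte length counts ID + length + data
            (size,) = struct.unpack(">H", packet[pos + 1:pos + 3])
            if size < 3 or pos + size > total:
                raise ValueError("bad header length")
            data = packet[pos + 3:pos + size]
            value = data.decode("utf-16-be").rstrip("\x00") if kind == 0 else data
        elif kind == 2:  # single-byte value
            value = packet[pos + 1]
        else:  # four-byte big-endian value
            (value,) = struct.unpack(">I", packet[pos + 1:pos + 5])
        headers[HEADER_NAMES.get(hid, hex(hid))] = value
        pos += size
    return opcode & 0x7F, bool(opcode & 0x80), headers

def vcard_display_name(body: bytes) -> str:
    """Return the text a phone would show from the vCard N or FN property."""
    for line in body.decode("utf-8", "replace").splitlines():
        key, _, value = line.partition(":")
        if key.split(";")[0].upper() in ("N", "FN"):
            return value.replace(";", " ").strip()
    return ""

def build_sample_put() -> bytes:
    """Constructed sample: a single-packet PUT (0x82) carrying a small vCard."""
    vcard = b"BEGIN:VCARD\r\nVERSION:2.1\r\nN:;Buy Ericsson!;;;\r\nEND:VCARD\r\n"
    name = "msg.vcf".encode("utf-16-be") + b"\x00\x00"
    ctype = b"text/x-vcard\x00"
    hdrs = (struct.pack(">BH", 0x01, 3 + len(name)) + name
            + struct.pack(">BH", 0x42, 3 + len(ctype)) + ctype
            + struct.pack(">BI", 0xC3, len(vcard))
            + struct.pack(">BH", 0x49, 3 + len(vcard)) + vcard)
    return struct.pack(">BH", 0x82, 3 + len(hdrs)) + hdrs
```

Calling `parse_obex_packet(build_sample_put())` returns the PUT opcode, the final bit and the decoded headers; passing the End-of-Body value to `vcard_display_name` yields the text the recipient would see as the contact name.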
10. HOW TO BLUEJACK
• Assuming that you now have a Bluetooth phone in your hands, the first thing
to do is to make sure that Bluetooth is enabled. You will need to read the
handbook of the particular phone (or PDA etc.) that you have, but somewhere
in the menu you will find the item that enables and disables Bluetooth.
• Your phone or PDA will start to search the airwaves for other devices within
range. If you are lucky you will see a list of them appear, or it will say that it
cannot find any. If the latter happens then relocate to another crowd or wait a
while and try again. If you have a list of found devices then let the fun begin.
STEP 1: First get into the contacts
STEP 2: Then choose options
STEP 3: Then choose "New contact"
STEP 4: Then in the first line choose your desired message
STEP 5: Then press done
STEP 6: Then go to the contact
STEP 7: Then press options
STEP 8: Then scroll down to send
STEP 9: Then choose "Via Bluetooth"
STEP 10: Then the phone will search for enabled devices.
STEP 11: Then select & send your message
14. BLUEJACKING SOFTWARE
1. Bluespam
BlueSpam searches for all discoverable Bluetooth
devices and sends a file to them (spams them) if they
support OBEX. By default a small text will be sent.
2. Meeting point
It is the perfect tool to search for Bluetooth devices. You
can set your meeting point to a certain channel and
meet up with people you've not met before. Combine it
with any bluejacking tools and have lots of fun. This
software is compatible with Pocket PC, Palm, Windows.
3. Magic Blue Hack
This bluejacking software is one of the newer tools to
help bluejack mobile phones. While the security backdoor
has been patched in the newer phones, as long as pairing
was previously done, the software can gain easy access to the
device.
4. Freejack
Freejack is compatible with Java phones like the Nokia N-series.
5. Easyjacking (eJack)
Allows sending of text messages to other Bluetooth-enabled
devices.
6. Proximitymail
16. USAGE
• Bluejacking can be used in many fields and for various purposes. The main fields where bluejacking
is used are as follows:
- Busy shopping centre
- Train Station
- High Street
- On Trains and Buses
- Movie Theatres
- Cafés and Restaurant
- Shopping Centres
- Electronics Shop
17. PLACE OF EXISTENCE
[Chart: Public Transportation, Shopping Malls, Restaurants, Bars, Cafes, Home; values 28%, 38%, 11%, 13%, 9%, 1%]
• The data indicate that bluejacking is an activity that primarily occurs in
public spaces, outside of the home. Bluejacks frequently occurred in public.
• This suggests that bluejackers are targeting strangers, presumably taking
advantage of anonymity, opportunities for interaction and available
Bluetooth-enabled devices afforded by densely populated public spaces.
18. RELATED CONCEPTS
BLUEBUGGING
• Bluebugging is a technique that
allows skilled hackers to access
mobile commands on Bluetooth-
enabled devices that are in
discoverable mode.
• BlueBug is the name of a Bluetooth
security loophole on some Bluetooth-
enabled cell phones. Exploiting this
loophole allows the unauthorized
downloading of phone books and
call lists, the sending and reading of
SMS messages from the attacked
phone and many more things.
BLUESNARFING
• Bluesnarfing is the unauthorized
access of information from a wireless
device through a Bluetooth
connection, often between phones,
desktops, laptops, and PDAs.
• This allows access to a calendar,
contact list, emails and text messages
and on some phones users can steal
pictures and private videos. Currently
available programs must allow a
connection and be 'paired' to
another phone to steal content.
19. PREVENTIVE MEASURES
• Prevent bluejacking by turning your Bluetooth device off in certain public areas.
Locations include shopping centers, coffee houses, movie theaters, eateries, bars and
clubs, public transportation vehicles, phone and electronic stores.
• Set the Bluetooth device to hidden, invisible or non-discoverable mode from the
menu. This prevents the sender from seeing your device. Check your manufacturer's
manual for disabling procedure. The phone maintains functionality in other modes.
• Ignore bluejacking messages by refusing or deleting them. The messages vary but
the typical messages come from an admirer, a jokester or someone sending a
business card. Consider bluejacking the same way you think about spam.
20. FUTURE ASPECTS
1. Advertising
Advertising on mobile devices has large potential due to the very personal and intimate nature of
the devices and high targeting possibilities. We introduce a novel B-MAD system for delivering
permission-based location-aware mobile advertisements to mobile phones using Bluetooth
positioning and Wireless Application Protocol (WAP) Push. Experimental results show that the
system provides a viable solution for realizing permission-based mobile advertising.
2. Viral Communication
Exploiting communication between consumers to share content such as text, images and Internet
references in the same way that brands such as Budweiser, Honda, CoLabs and even John West Salmon,
have created multimedia content that has very quickly been circulated with the help of Bluetooth and
around the Internet.
3. Community Activities
Dating or gaming events could be facilitated using Bluetooth as a channel to communicate between
participants. The anonymous nature of bluejacking makes it a superb physiological tool for
communication between individuals in a localized environment such as a café or pub.
4. Guerrilla Marketing
It was originally a marketing strategy in which low cost, unconventional means (including the use of
graffiti, sticker bombing, flyer posting, etc.) were used in a (generally) localized fashion to draw
attention to an idea, product, or service. Today, guerrilla marketing includes promotion through a
network to popularize a product or concept.
5. Location Based Services
Bluejacking could be used to send electronic coupons or promotional messages to consumers as
they pass a high street shop or supermarket. To date SMS text messaging has been used with
mixed success as a mechanism to send consumers location-based information. Rainier PR believes
that viral communication and to a lesser extent event based activities offer the greatest opportunity
for bluejacking as a marketing mechanism. Already companies are looking at ways of exploiting the
technology in these two areas.
24. CODE OF ETHICS
• Bluejackers will only send messages/pictures. They will never try to 'hack' a device for the
purpose of copying or modifying any files on any device or upload.
• Any such messages or pictures sent will not be of an insulting, libelous or pornographic
nature.
• If no interest is shown by the recipient after 2 messages the bluejacker will desist and
move on.
• The Bluejacker will restrict their activity to 10 messages maximum unless in exceptional
circumstances, e.g. the continuous exchange of messages between bluejacker & victim.
• If the Bluejacker senses that he/she is causing distress rather than mirth to the recipient
they will immediately cease all activity towards them.
• If a Bluejacker is caught 'in the act' he/she will be as co-operative as possible and not
hide any details of their activity.
25. CONCLUSION
We conclude that in future this technology can become the
key for advertising and to interact with new people, with the
world and to get the location messages on the phone when
we are out somewhere. Because of its low cost and power
consumption this technology has a great future ahead.