Blue jacking is the process of sending an anonymous message from a Bluetooth enabled phone to another, within a range of 10 meters. Not only does the recipient not know the exact source of the received message, but also blue jacking allows people to send free messages to one another without having to pay any money to the cellular operators. Since blue jacking utilizes the Bluetooth technology present on the mobile phone handset itself all messages that are sent using it are free. The best part about blue jacking is that it allows an attacker to send anonymous messages to the victim.
In other words, it is very difficult or almost impossible for a victim to figure out the source of a received message. Each time a message or a file was transferred between two devices then both devices knew each other’s identity. This made it extremely easy for an attacker to trace the source of a received file or message. With the Bluetooth, which allows the transfer of a message or a file within a radius of 10 meters in any direction, it becomes very difficult for a user to trace the received message or file to its actual source. Each time blue jacking is performed the victim tries to match the displayed name to every single person around them in a radius of 10 meters in all directions. The best way to prevent this type of attack is to turn off the Bluetooth on your phone.
1. Create a new address book contact on the Bluetooth enabled device. Enter the anonymous message that has to be sent to the victim in the Name field of the Address book. For example, you can write, ‘You look really beautiful in that blue dress;, as the anonymous message in the Name field.
2. Scan for victim mobile phones that are within a range of 10 meters at that point of time. This process should not take more than 10 seconds or so and soon an entire list of names of Bluetooth enabled devices will appear on the screen. Although the name of a particular mobile phone can be changed by the user, however by default it is set to the phone model number by the manufacturer. Typically, this step is also known as discovery.
3. Send the new address book contact that you just created to the victim mobile phone using the Bluetooth communication protocol by choosing the name from the displayed list. The victim will receive this anonymous message on his phone and will react with either a startled or shocked expression.