Slashdot Mirror
Spammed by Bluetooth
An Anonymous Reader writes "BBC News is reporting a new craze - using Bluetooth to send unsolicited messages. Apparently lots of phone owners are leaving Bluetooth switched on, meaning that anyone within range can send a short message. The phenomenon is known as "bluejacking". It's not clear at present that this is being done by anyone other than pranksters, but one can't help wondering, how long before commercial spammers catch on."
Heh. I had a long layover in Amsterdam last month and had hours of gleeful fun sending "boe" notes over bluetooth to all the other bluetooth phones I could see while drinking Heineken at the KLM Crown Lounge.
I've used this feature also to send quick notes to cow-orkers at the office when they were on the phone or we were busy in a meeting. It's handy and saves the absurd ten cent charge applied to an outbound SMS.
It's only a matter of time before it's rendered useless due to spam, I'm sure.
I can see it now, Mom and Pop stores could have messages sent to your device as you walk past or near their entrance
Well, if they're in range, it shouldn't be hard to find someone engaging in commercial "bluejacking", so we can beat the crap out of them in front of everyone.
Or is it the removal of testicles that we're out for? I can never remember what the punishment for spamming is...
Do not look into laser with remaining eye.
As bluetooth operates in the same 2.4 GHz band as WiFi, I'd bet some people are hooking up Bluetooth devices to cantennas for greater bluejacking range.
Two wrongs don't make a right, but three lefts do.
While I'm sure this could become a major problem in the future if it reaches critical mass, the beauty of Bluetooth is that it's designed for personal area networks. So, although it's bluetooth spam, it shouldn't reach anyone farther than 30 feet away from you or so. This by itself will make bluetooth spam a little harder to operate than just SMS or email spam.
:)
Unless, of course, Microsoft makes a smartphone that has Outlook on it and bluetooth as an option...
...is that it is fairly short range, so when you identify the spammer you can go punch them.
Bluetooth-enabled devices must include an easy hardware switch which allows the convenient shutting off of Bluetooth functionality. An indicator light displaying the current status must also be included on the device. Devices like the Tapwave Zodiac are well designed and include these features.
I always save my last mod point to mod up a good troll. You people are too serious.
The PIN is used when pairing two devices. There are a variety of other options which require no such authorization to send things from phone to phone.
With my T616, I can create a note and then send that note to another phone via bluetooth whether I'm paired with that device or not.
What might be more interesting is bluetooth viruses. We're probably fairly safe since we dont have a monoculture in mobile phones like that which exists on the desktop, but you can just imagine bluetooth viruses hopping from phone to phone as their owner travels around :-). Plus the fact that its very difficult to update phones to fix holes could make this a pretty big problem if such security holes were found.
were you expecting to see a sig here? perhaps you'd rather see the inside of an ambulance!
In normal operation, say between a PC and phone, you do need to 'pair' devices using a PIN. However for certain operations - like sending a vCard phone2phone, phones will allow connections to be made and messages to be sent without authorisation.
This allows a vCard (which may just be a message in the 'name' field) to be sent without authentication, or the target having to confirm receipt.
Worse than vCards, you can send pics this way. It may be funny to take a pic of someone with your phone and then 'bluejack' it too them - but I know people who've received some pretty nasty porn over bluejacking too.
New reporting style
Make it sound like a haiku
People think it's cool
When the Sony Ericcson's came out with bluetooth they made them come with the bluetooth turned off by default. When Nokia came out with their bluetooth phones they had them ship with it on by default. Soon on the Sony Ericson message boards people found they could discover the nokia's in a crowded place (movie theaters, etc.) and you could create a contact in you contact list and then send them that contact. This has the benifit that you message is actually the contact name which the person on the recieving end will actually see first so they don't have to click OK and then get the message...it's already there. Anyhow, it's much better in Europe for this type of thing as they've had GSM phone and associated cool features such as bluetooth for quite some time while America is just starting to catch on. I've done discoveries with mine and never had any success connecting or seeing any other bluetooth activated phone that wasn't purposly turned on for the connection. I wonder if Nokia has caught on and is leaving bluetooth off on their America bound phones.
You could easily create a small battery powered embedded device running Linux that would just send out bluetooth messages. Drop that on a city bus or subway car and you could spam a ton of people really easily.
;)
Perhaps I should be patenting an idea like that.
Absolutely.. What you will see is kiosks that are setup in crowded areas (Airport terminals, malls, etc..) that continually look for devices to send messages to. Potentially big business.
At the most basic level, you'll see stores use this as a means to automatically transmit specials and what-not as you walk into the store.
Turn s60 photos into awesome videos with mScrapbook for all S60 3rd edition phones!
Blue tooth is a remarkably secure system requiring PIN numbers and autentication to do any form of connection.
:O
WHat is actually happening here is the OBEX transfer part is beign utilised. Any Bluetooth phone that is set to discoverable will accept certain OBEX information (usually just vCards, and vCal files, and maybe notes). The phone ideally will accept the information and ask the user if he/she woudl liek the add the recieved infomation into their phonebook/calendar/notes. it is EXACTLY like the beam facility of Palm units, and others, just using Bluetooth for non-line of sight transfers.
What people do in "BlueJacking" is create a dummy addressbook entry, and send it to the unsuspecting user (usually Nokia users.. more on that later). I did it beofre once, when i was at a resteraunt and this idiot with a Nokia camera phoen was showing off and making a nuisence in front of some girls he was entertaining. So i sent a address "vCard" with the name "Stop Playing with yr BRICK" from my phone to his (his phone was discovered as "poser"?!!?!??!?!) SHoudl haev seen the look on his face.. especially in front of the girls..
However (unless you are a Nokia 7650/6310i/6xxx user) You have nothign to worry. Most phoens ship with bluetooth off or in none discoverable mode. The SOny Ericssons only stay "discoverable" for a maximum of three minuites. The blueJackign craze started in the (Sony)Ericsson community when it was discovered some (if not most) Nokia Bluetooth phones were shipped default with Bluetooth on and discoverable, so it was a prank to those users!
As was pointed out, it is extremely easy to make a phoen none discoverable, and most ppl have cottoned on.
So as for "spam" via blue tooh, it isnt going to happen, unless you are EXTREMELY stupid... then again..... there is a hell of a lot of stupid people
Have a nice day!
At least in Copenhagen this phenomenon is quite common. It seems, every other time I get in a taxi I get a bluetooth transmitted business card from the company or sometimes specifically the driver of the taxi. The first time this happened it was a slightly novel new thing I didn't mind much - but now I find myself cursing the people who implemented this standard for not doing it like on Palm where you have to 'accept' the infrared beamed cards. On the Nokia cellphones it's just stored without question so if this practice gets more widespread, soon your address book will be seriously burdened with unwanted business cards. Just finding them will be a big hassle. That's when you switch off bluetooth I guess.
I would prefer damaging it so that they have to send someone to repair it, we all then wait for him or her and corner them, after they loose five or six people they'll think twice of sending out a repair crew.
Yeah! Anarchy!
If you want to e-mail me, use my PGP Key.