BLUEJACKING

Date post: 16-Jul-2015
Upload: avinash-nahak
Presented By: AVINASH NAHAK

PAGE OF CONTENTS

• Introduction

• Origin

• OBEX Protocol

• OBEX Objects

• How to Bluejack

• Bluejacking Software

• Usage and Related Concepts

• Preventive Measures

• Future Aspects

• Code of Ethics

• Conclusion


INTRODUCTION

• Bluejacking is a hacking method that involves sending unsolicited messages over Bluetooth to Bluetooth-enabled devices. Bluejacking allows phone users to send business cards anonymously using Bluetooth wireless technology. Bluejacking does not involve the removal or alteration of any data from the device.

• Unsolicited - Message transmitted in response to a locally occurring event.

• Bluetooth has a very limited range, usually around 10 meters on mobile phones, but laptops can reach up to 100 meters with powerful transmitters. Bluejacking also means sending a vCard, which typically contains a message in the name field (i.e. for blue dating or blue chat), to another Bluetooth-enabled device via the OBEX protocol.

ORIGIN

Bluejacking was reportedly first carried out by a Malaysian IT consultant who used his phone to advertise Sony Ericsson. Becoming bored while standing in a bank queue, Ajack did a Bluetooth discovery to see if there was another Bluetooth device around. Discovering a Nokia 7650 in the vicinity, he created a new contact and filled in the first name with 'Buy Ericsson!' and sent a business card to the Nokia phone.

“A guy a few feet away from me suddenly had his 7650 beep. He took out his 7650 and started looking at his phone. I couldn't contain myself and left the bank,” he says.

He also invented the name, which he claims is an amalgam of Bluetooth and Ajack, his username on Esato, a Sony Ericsson fan online forum. Jacking is, however, an extremely common shortening of hijack, the act of taking over something.

OBEX PROTOCOL

• Object Exchange (OBEX) is a transfer protocol that defines data objects and a communication protocol for devices that can exchange data and commands in a resource-sensitive, standardized fashion.

• This technology works over Bluetooth and Infrared Data Association (IrDA) protocols. OBEX is primarily used as a push or pull application. The typical example could be an object push of business cards to someone else.

• It performs a function similar to Hypertext Transfer Protocol (HTTP), but it does not require the resources that an HTTP server requires, making it well suited to low-end devices with limited resources.

VERSITCARD

• A vCard is an electronic business (or personal) card and also the name of an industry specification for the kind of communication exchange that is done on business or personal cards.

• vCards are often attached to e-mail messages, but can be exchanged in other ways, such as on the World Wide Web. They can contain name and address information, phone numbers, URLs, logos, photographs, and even audio clips.

• vCard was developed by a consortium founded by Apple, AT&T, IBM, and Siemens, which turned the specification over to an industry group, the Internet Mail Consortium (IMC) in 1996.

OBEX

• The figure to the right depicts part of the hierarchy of the Bluetooth architecture and shows the placement of the OBEX protocol and the application profiles using it.

• The protocol can also communicate with the service discovery DB even though the figure does not show it.

OBEX OBJECTS

• OBEX works by exchanging objects, which are used for a variety of purposes: establishing the parameters of a connection, sending and requesting data, changing the current path or the attributes of a file.

• Objects are composed of fields and headers. As an example, the following may be the object used for requesting the phonebook from a mobile:

PROTOCOLS

The following protocols run over OBEX, or have bindings to do so:

1. OBEX Push: Used for transferring a file from the originator of the request to the recipient.

2. OBEX File Transfer Protocol: Used to store and retrieve files.

3. Phonebook Access: Similar to file transfer, but uses a target. Phonebook entries can be listed and retrieved from certain directories.

4. IrMC: Used to exchange phonebook entries, calendar notes, messages, etc., in its connected form.

5. SyncML: Used to synchronize phonebooks, calendars, notes and other data.
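
As an added illustration (not part of the original slides), the Python code below shows how an OBEX object breaks down into an opcode, a length field and typed headers, and how a receiving device or monitoring tool could flag an OBEX Push whose vCard name field carries a message, as in the 'Buy Ericsson!' card described earlier. The function names, the flagging heuristic and the sample packets are assumptions made for this example; the header IDs and encoding rules follow the OBEX specification.

```python
# OBEX header IDs; the top two bits of each ID select how the value is encoded.
NAME, TYPE, BODY, END_OF_BODY = 0x01, 0x42, 0x48, 0x49

def parse_obex(packet: bytes):
    """Split one OBEX request into (opcode, {header_id: value})."""
    if len(packet) < 3 or int.from_bytes(packet[1:3], "big") != len(packet):
        raise ValueError("declared length does not match packet size")
    headers, pos = {}, 3
    while pos < len(packet):
        hid, kind = packet[pos], packet[pos] >> 6
        pre = 3 if kind < 2 else 1          # bytes before the value starts
        if kind < 2:                        # text/bytes: 2-byte total length
            hlen = int.from_bytes(packet[pos + 1:pos + 3], "big")
        else:                               # 1-byte or 4-byte integer
            hlen = 2 if kind == 2 else 5
        if hlen < pre or pos + hlen > len(packet):
            raise ValueError("header overruns packet")
        raw = packet[pos + pre:pos + hlen]
        headers[hid] = (raw.decode("utf-16-be").rstrip("\x00") if kind == 0
                        else raw if kind == 1 else int.from_bytes(raw, "big"))
        pos += hlen
    return packet[0], headers

def looks_like_bluejack(packet: bytes) -> bool:
    """Heuristic (assumption): pushed vCard whose name reads like a message."""
    opcode, h = parse_obex(packet)
    if opcode & 0x7F != 0x02:               # only PUT (0x02, final bit 0x80)
        return False
    card = (h.get(BODY, b"") + h.get(END_OF_BODY, b"")).decode("utf-8", "replace")
    props = {}
    for line in card.splitlines():
        key, _, val = line.partition(":")
        props[key.split(";")[0].upper()] = val.strip()
    name = props.get("FN") or props.get("N", "").replace(";", " ").strip()
    has_contact = any(k in props for k in ("TEL", "EMAIL", "ADR"))
    wordy = len(name.split()) > 3 or name.endswith(("!", "?"))
    return "BEGIN" in props and not has_contact and wordy

def sample_put(filename: str, vcard: str) -> bytes:
    """Constructed test input: a single-packet OBEX PUT carrying a vCard."""
    def hdr(hid, value):
        return bytes([hid]) + (len(value) + 3).to_bytes(2, "big") + value
    hdrs = (hdr(NAME, (filename + "\x00").encode("utf-16-be"))
            + hdr(TYPE, b"text/x-vcard\x00") + hdr(END_OF_BODY, vcard.encode()))
    return b"\x82" + (len(hdrs) + 3).to_bytes(2, "big") + hdrs
```

A real receiver would reassemble multi-packet PUTs before applying the check; the example handles the single-packet case only.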


HOW TO BLUEJACK

• Assuming that you now have a Bluetooth phone in your hands, the first thing to do is to make sure that Bluetooth is enabled. You will need to read the handbook of the particular phone (or PDA etc.) that you have, but somewhere in the Menu you will find the item that enables and disables Bluetooth.

• Your phone or PDA will start to search the airwaves for other devices within range. If you are lucky you will see a list of them appear, or it will say that it cannot find any. If the latter happens then relocate to another crowd or wait a while and try again. If you have a list of found devices then let the fun begin.

STEP 1: First get into the contacts

STEP 2: Then choose options

STEP 3: Then choose "New contact"

STEP 4: Then in the first line choose your desired message

STEP 5: Then press done

STEP 6: Then go to the contact

STEP 7: Then press options

STEP 8: Then scroll down to send

STEP 9: Then choose "Via Bluetooth"

STEP 10: Then the phone will search for enabled devices.

STEP 11: Then select & send your message

BLUEJACKING SOFTWARE

1. Bluespam

BlueSpam searches for all discoverable Bluetooth devices and sends a file to them (spams them) if they support OBEX. By default a small text will be sent.

2. Meeting point

It is the perfect tool to search for Bluetooth devices. You can set your meeting point to a certain channel and meet up with people you’ve not met before. Combine it with any bluejacking tools and have lots of fun. This software is compatible with Pocket PC, Palm and Windows.

3. Magic Blue Hack

This bluejacking software is one of the newer tools to help bluejack mobile phones. While the security backdoor has been patched in the newer phones, as long as pairing was previously done, the software can gain easy access to the device.

4. Freejack

Freejack is compatible with Java phones such as the Nokia N-series.

5. Easyjacking (eJack)

Allows sending of text messages to other Bluetooth-enabled devices.

6. Proximitymail

USAGE

• Bluejacking can be used in many fields and for various purposes. The main fields where bluejacking is used are as follows:

- Busy shopping centre

- Train Station

- High Street

- On Trains and Buses

- Movie Theatres

- Cafés and Restaurant

- Shopping Centres

- Electronics Shop


PLACE OF EXISTENCE

[Chart: place of existence of bluejacks. Categories: Public Transportation, Shopping Malls, Restaurants, Bars, Cafes, Home. Values shown: 28%, 38%, 11%, 13%, 9%, 1%.]

• The data indicate that bluejacking is an activity that primarily occurs in public spaces, outside of the home. Bluejacks frequently occurred in public.

• This suggests that bluejackers are targeting strangers, presumably taking advantage of anonymity, opportunities for interaction and available Bluetooth-enabled devices afforded by densely populated public spaces.

RELATED CONCEPTS

BLUEBUGGING

• Bluebugging is a technique that allows skilled hackers to access mobile commands on Bluetooth-enabled devices that are in discoverable mode.

• BlueBug is the name of a Bluetooth security loophole on some Bluetooth-enabled cell phones. Exploiting this loophole allows the unauthorized downloading of phone books and call lists, the sending and reading of SMS messages from the attacked phone and many more things.

BLUESNARFING

• Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs.

• This allows access to a calendar, contact list, emails and text messages, and on some phones users can steal pictures and private videos. Currently available programs must be allowed to connect and be 'paired' with another phone to steal content.

PREVENTIVE MEASURES

• Prevent bluejacking by turning your Bluetooth device off in certain public areas. Locations include shopping centers, coffee houses, movie theaters, eateries, bars and clubs, public transportation vehicles, phone and electronic stores.

• Set the Bluetooth device to hidden, invisible or non-discoverable mode from the menu. This prevents the sender from seeing your device. Check your manufacturer's manual for the disabling procedure. The phone maintains functionality in other modes.

• Ignore bluejacking messages by refusing or deleting them. The messages vary, but the typical messages come from an admirer, a jokester or someone sending a business card. Consider bluejacking the same way you think about spam.

FUTURE ASPECTS

1. Advertising

Advertising on mobile devices has large potential due to the very personal and intimate nature of the devices and high targeting possibilities. We introduce a novel B-MAD system for delivering permission-based location-aware mobile advertisements to mobile phones using Bluetooth positioning and Wireless Application Protocol (WAP) Push. Experimental results show that the system provides a viable solution for realizing permission-based mobile advertising.

2. Viral Communication

Exploiting communication between consumers to share content such as text, images and Internet references in the same way that brands such as Budweiser, Honda, CoLabs and even John West Salmon, have created multimedia content that has very quickly been circulated with the help of Bluetooth and around the Internet.

3. Community Activities

Dating or gaming events could be facilitated using Bluetooth as a channel to communicate between participants. The anonymous nature of bluejacking makes it a superb physiological tool for communication between individuals in a localized environment such as a café or pub.

4. Guerrilla Marketing

It was originally a marketing strategy in which low cost, unconventional means (including the use of graffiti, sticker bombing, flyer posting, etc.) were used in a (generally) localized fashion to draw attention to an idea, product, or service. Today, guerrilla marketing includes promotion through a network to popularize a product or concept.

5. Location Based Services

Bluejacking could be used to send electronic coupons or promotional messages to consumers as they pass a high street shop or supermarket. To date, SMS text messaging has been used with mixed success as a mechanism to send consumers location-based information. Rainier PR believes that viral communication and, to a lesser extent, event-based activities offer the greatest opportunity for bluejacking as a marketing mechanism. Already companies are looking at ways of exploiting the technology in these two areas.

CODE OF ETHICS

• Bluejackers will only send messages/pictures. They will never try to 'hack' a device for the purpose of copying or modifying any files on any device or upload.

• Any such messages or pictures sent will not be of an insulting, libelous or pornographic nature.

• If no interest is shown by the recipient after 2 messages the bluejacker will desist and move on.

• The Bluejacker will restrict their activity to 10 messages maximum unless in exceptional circumstances, e.g. the continuous exchange of messages between bluejacker & victim.

• If the Bluejacker senses that he/she is causing distress rather than mirth to the recipient they will immediately cease all activity towards them.

• If a Bluejacker is caught 'in the act' he/she will be as co-operative as possible and not hide any details of their activity.

CONCLUSION

We conclude that in future this technology can become the key for advertising and to interact with new people, with the world and to get the location messages on the phone when we are out somewhere. Because of its low cost and power consumption this technology has a great future ahead.