Spammed by Bluetooth

An Anonymous Reader writes "BBC News is reporting a new craze - using Bluetooth to send unsolicited messages. Apparently lots of phone owners are leaving Bluetooth switched on, meaning that anyone within range can send a short message. The phenomenon is known as "bluejacking". It's not clear at present that this is being done by anyone other than pranksters, but one can't help wondering, how long before commercial spammers catch on."

Yeah, I've done this.

[Nugget (7382)]

Heh. I had a long layover in Amsterdam last month and had hours of gleeful fun sending "boe" notes over bluetooth to all the other bluetooth phones I could see while drinking Heineken at the KLM Crown Lounge.

I've used this feature also to send quick notes to cow-orkers at the office when they were on the phone or we were busy in a meeting. It's handy and saves the absurd ten cent charge applied to an outbound SMS.

It's only a matter of time before it's rendered useless due to spam, I'm sure.

Re:Yeah, I've done this.

[GMontag (42283)]

I've used this feature also to send quick notes to cow-orkers at the office

Easily identified by their Gateway workstations.

Re:Yeah, I've done this.

[ePhil_One (634771)]

Yeah, I'm not sure this sort of thing is likely to be abused. Maybe a local store will pop a message to my phone with some sort of lure to get me in, but unlike most Spam that would be relevant and hopefully interesting. The range thing means I'd be within throwing distance of the "Spammer" to, so unwelcome offensive spam is likely to incur the potential for physical retaliation.

Could easily be abused...

[Chris Pimlott (16212)]

What's to stop an advertising company from installing a little box in Times Square or any other heavy traffic and then selling message time on it? What are you going to do, punch the box?

Re:Could easily be abused...

[MKalus (72765)]

What are you going to do, punch the box?

I would prefer damaging it so that they have to send someone to repair it, we all then wait for him or her and corner them, after they loose five or six people they'll think twice of sending out a repair crew.

Yeah! Anarchy! ;)

Re:Yeah, I've done this.

[aug24 (38229)]

It's only a matter of time before it's rendered useless due to spam, I'm sure.

Do you really think spammers are going to install bluetooth devices every ten yards to acheive that...?

Justin.

Re:Yeah, I've done this.

[realdpk (116490)]

Yeah, but not your classic spammer. Instead it'll be your Mom and Pop deli or quicky mart announcing the latest special as you walk by.

As soon as someone makes a device as easy to program as those LED bars, and as cheap, businesses will eat them up like candy.

commercial spamming?

[by Anonymous Coward]

because of the short range of bluetooth i think it'll be difficult to use this as commercial spamming.
or maybe we are going to see people wearing jacket or backpack hiding bt equipment in crowded area? :)

Re:commercial spamming?

[enjo13 (444114)]

Absolutely.. What you will see is kiosks that are setup in crowded areas (Airport terminals, malls, etc..) that continually look for devices to send messages to. Potentially big business.

At the most basic level, you'll see stores use this as a means to automatically transmit specials and what-not as you walk into the store.

Mom and Pop Stores

[cflorio (604840)]

I can see it now, Mom and Pop stores could have messages sent to your device as you walk past or near their entrance

Re:Mom and Pop Stores

[DrSkwid (118965)]

that is such a great idea, thanks, I shall start work on it, just as soon as I get a shop & a bluetooth phone 8)

Re:Mom and Pop Stores

[lildogie (54998)]

> Mom and Pop stores could have messages sent to your device as you walk past

As well as the prostitutes standing in front of their stores.

Re:Mom and Pop Stores

[Threni (635302)]

>As I recall, this was one of the intended applications of Bluetooth.

It's amusing just how many people think they've just discovered some renegade underground use of Bluetooth, rather than what it was invented for! What's next?
Post-jacking? "You can send post to people and it just turns up in their letterbox". Phone-jacking? "Give someone a ring, they'll have to answer to find out who it is!"

How does this work?

[Tony Hoyle (11698)]

Every bluetooth phone I've ever owned has required a PIN to be set when you activate it. Without the PIN you can't make a connection.

Then, when connection does succeed, a box pops up on the receiving phone asking whether you want to accept the connection.

It's difficult to see how that could be done without the owner knowing about it.

Re:How does this work?

[Nugget (7382)]

The PIN is used when pairing two devices. There are a variety of other options which require no such authorization to send things from phone to phone.

With my T616, I can create a note and then send that note to another phone via bluetooth whether I'm paired with that device or not.

Re:How does this work?

[Tony Hoyle (11698)]

In that case the proper word is not 'bluejacking' it's 'using bluetooth precisely in the way it was designed'. Sending short-range messages is one of its main purposes.

The article implies they're actually using the victims phone to do something nefarious.

Re:How does this work?

[mtg101 (321836)]

In normal operation, say between a PC and phone, you do need to 'pair' devices using a PIN. However for certain operations - like sending a vCard phone2phone, phones will allow connections to be made and messages to be sent without authorisation.

This allows a vCard (which may just be a message in the 'name' field) to be sent without authentication, or the target having to confirm receipt.

Worse than vCards, you can send pics this way. It may be funny to take a pic of someone with your phone and then 'bluejack' it too them - but I know people who've received some pretty nasty porn over bluejacking too.

Re:How does this work?

[bobdotorg (598873)]

Worse than vCards, you can send pics this way. It may be funny to take a pic of someone with your phone and then 'bluejack' it too them - but I know people who've received some pretty nasty porn over bluejacking too.

Nooooooooooo. I thought my phone was a goatse.cx free zone.

Grammar anyone?

[Pieroxy (222434)]

I don't want to sound too mean, but in the story , I read:

The phonomenon, known as "bluejacking".

No verb? What is that?

Re:Grammar anyone?

[CXI (46706)]

New reporting style
Make it sound like a haiku
People think it's cool

What's cool

[BWJones (18351)]

Bluejacking is on the edge of being cool. Things like this will be used by folks to contact others or be useful for a number of tasks until they become widely available and then the marketers will come in and take advantage of this. At that point, unless it continues to serve a useful function (like email), it will become more of a nuisance and folks will turn off "Bluetooth Discoverable".

ARGH!

[RMH101 (636144)]

*all* bluejacking is: turning on your bluetooth and scanning for nearby devices who's idiot owners haven't turned "discoverable" off. that's what "discoverable" means: your phone can be discovered and messaged. Nokia ships with this on by default.
it's not some cool hack, or anything, it's just a setting within bluetooth for exchanging information without pairing.

"Bluejacking" possibilities

[TWX (665546)]

Well, if they're in range, it shouldn't be hard to find someone engaging in commercial "bluejacking", so we can beat the crap out of them in front of everyone.

Or is it the removal of testicles that we're out for? I can never remember what the punishment for spamming is...

Re:"Bluejacking" possibilities

[FartSmeller (720280)]

Wow... does the potential for having someone send a message to your phone really invoke such ire? Somebody needs a hug...

I mean really, let's think about this: If you're walking in front of my coffee shop and I "bluejack" you with a coupon for a half-price latte, are you gonna come in and beat the crap out of me because I made your phone beep? I think we're so programmed to see (and hate!) 'spam' that we automatically get our hackles raised about something that could actually be a cool way to support sma

Re:"Bluejacking" possibilities

[ReelOddeeo (115880)]

let's think about this: If you're walking in front of my coffee shop and I "bluejack" you with a coupon for a half-price latte

Leave me alone! Leave my phone alone! Put a sign in your window.

Let's perform a thought experiment. Suppose you hire someone to stand out on the sidewalk and harass people that pass by to come into your store. Some people will call the police. Some people will punch that person in the nose. And perhaps there will be other responses as well. Some might try to get you som

Bluetooth directional antennas.

[G4from128k (686170)]

As bluetooth operates in the same 2.4 GHz band as WiFi, I'd bet some people are hooking up Bluetooth devices to cantennas for greater bluejacking range.

Re:Bluetooth directional antennas.

[Technician (215283)]

Last time I checked, a directional antenna works both ways. Has something changed that make the directional antenna provide gain when transmitting and not when receiving?

Think about it. The Dish antenna on top of houses for TV are to receive a weak signal, not send a signal.

A can antenna would not only increase your transmit range but also increase the receive range. I see no reason a cantenna would not work on one end to increase the 2 way connection.

Have I missed anything?

Re:Bluetooth directional antennas: 2-way gain

[G4from128k (686170)]

You are right and the grand-parent post is wrong. A directional antenna is bidirectional -- it both directs power to toward the distant reciever and amplifies power from a distant transmitter. If this was not true, then cantennas would not work for Wifi because Wifi, like bluetooth, requires bidirectional communications.

Well...

[GarfBond (565331)]

While I'm sure this could become a major problem in the future if it reaches critical mass, the beauty of Bluetooth is that it's designed for personal area networks. So, although it's bluetooth spam, it shouldn't reach anyone farther than 30 feet away from you or so. This by itself will make bluetooth spam a little harder to operate than just SMS or email spam.

Unless, of course, Microsoft makes a smartphone that has Outlook on it and bluetooth as an option... :)

The nice thing about bluetooth...

[Soulfader (527299)]

...is that it is fairly short range, so when you identify the spammer you can go punch them.

Re:The nice thing about bluetooth...

[Kingpin (40003)]

OR you can give their community website a good old fashioned slashdotting!

Bluetooth devices must include "off" switch

[kneecarrot (646291)]

Bluetooth-enabled devices must include an easy hardware switch which allows the convenient shutting off of Bluetooth functionality. An indicator light displaying the current status must also be included on the device. Devices like the Tapwave Zodiac [tapwave.com] are well designed and include these features.

no, they musn't

[RMH101 (636144)]

it's not part of the BT spec, and i don't remember ever seeing a device that had this. you turn it off in "software" which phone designers like as you don't have to clutter the already cluttered keypad with a button just to babysit idiots...

My phone has a blue LED that indicates, yes, you guessed it, that I'm using bluetooth. It *doesn't* mean I've been dumb enough not to realise that if you don't put a tick in the "discoverable" box that you can get short range messages from strangers.

Bluetooth viruses

[sfraggle (212671)]

Bluetooth spamming seems only of limited use; you have to get close enough to be able to send the message. Maybe from a car driving around a busy city or in a nightclub or crowded bar it might work.

What might be more interesting is bluetooth viruses. We're probably fairly safe since we dont have a monoculture in mobile phones like that which exists on the desktop, but you can just imagine bluetooth viruses hopping from phone to phone as their owner travels around :-). Plus the fact that its very difficult to update phones to fix holes could make this a pretty big problem if such security holes were found.

Re:Bluetooth viruses

[bobthemuse (574400)]

Forget viruses, what if someone discovers a way to send a malformed message which crashes the phone?

Even worse, some of the new phones offer 'over the air' programming updates. The right bug, and someone could render your phone useless....

Suspicious Timing

[elefantstn (195873)]

Is slashdot complicit [slashdot.org]?

YAGging

[Joel Rowbottom (89350)]

We've been doing this for ages in the UK. See here [nosignal.org] for Andy's [mailto] way of doing it ;)

Commercial Spammers

[FrostedWheat (172733)]

I doubt there would be spam like we have now on email, the range is simply to short. But I can see supermarkets or similar companys using this to send you messages while in there store.

Annoying sure, but at least semi-relevant to what your doing. And at least you can turn it off. (You can, can't you?)

this has been around for quite a while....example

[mike300zx (523956)]

When the Sony Ericcson's came out with bluetooth they made them come with the bluetooth turned off by default. When Nokia came out with their bluetooth phones they had them ship with it on by default. Soon on the Sony Ericson message boards people found they could discover the nokia's in a crowded place (movie theaters, etc.) and you could create a contact in you contact list and then send them that contact. This has the benifit that you message is actually the contact name which the person on the recieving end will actually see first so they don't have to click OK and then get the message...it's already there. Anyhow, it's much better in Europe for this type of thing as they've had GSM phone and associated cool features such as bluetooth for quite some time while America is just starting to catch on. I've done discoveries with mine and never had any success connecting or seeing any other bluetooth activated phone that wasn't purposly turned on for the connection. I wonder if Nokia has caught on and is leaving bluetooth off on their America bound phones.

range vs power?

[Shakrai (717556)]

Everybody is talking about how the damage will be limited because bluetooth has such a short range, but what happens if the spammers boost the power of their transmittors? Is this possible with Bluetooth (I admit I don't know)? If so, we may be in for more problems then the first few posts let on.

Sure, it may be illegal/immoral, but can we trust spammers to be legal and moral?

On another note how long until this is used to SPAM products designed to defeat this type of SPAM (ala Windows Messenger Service)?

Could you imagine bluejacking bombs?

[Refried Beans (70083)]

You could easily create a small battery powered embedded device running Linux that would just send out bluetooth messages. Drop that on a city bus or subway car and you could spam a ton of people really easily.

Perhaps I should be patenting an idea like that. ;)

what about Internet connection over BT phone?

[BigGerman (541312)]

I understand that some bluetooth phones are used to connect your PDA or laptop to the Internet.
Is it possible to place a laptop next to a phone, somehow hijack the connection, get the IP address, send 1000 spam messages and disconnect?
Should not take more than 30-50 seconds.

Re:what about Internet connection over BT phone?

[davidstrauss (544062)]

Not easily. I use exactly the technology you're describing. The phone must be paired with the PC to use the phone's modem (a.k.a. dial-up networking) profile. Also, it's not IP data going over the bluetooth connection. It's what would go over a serial cable to an external modem.

ermm.. NOT SPAM as such..

[SenseiLeNoir (699164)]

Blue tooth is a remarkably secure system requiring PIN numbers and autentication to do any form of connection.

WHat is actually happening here is the OBEX transfer part is beign utilised. Any Bluetooth phone that is set to discoverable will accept certain OBEX information (usually just vCards, and vCal files, and maybe notes). The phone ideally will accept the information and ask the user if he/she woudl liek the add the recieved infomation into their phonebook/calendar/notes. it is EXACTLY like the beam facility of Palm units, and others, just using Bluetooth for non-line of sight transfers.

What people do in "BlueJacking" is create a dummy addressbook entry, and send it to the unsuspecting user (usually Nokia users.. more on that later). I did it beofre once, when i was at a resteraunt and this idiot with a Nokia camera phoen was showing off and making a nuisence in front of some girls he was entertaining. So i sent a address "vCard" with the name "Stop Playing with yr BRICK" from my phone to his (his phone was discovered as "poser"?!!?!??!?!) SHoudl haev seen the look on his face.. especially in front of the girls..

However (unless you are a Nokia 7650/6310i/6xxx user) You have nothign to worry. Most phoens ship with bluetooth off or in none discoverable mode. The SOny Ericssons only stay "discoverable" for a maximum of three minuites. The blueJackign craze started in the (Sony)Ericsson community when it was discovered some (if not most) Nokia Bluetooth phones were shipped default with Bluetooth on and discoverable, so it was a prank to those users!

As was pointed out, it is extremely easy to make a phoen none discoverable, and most ppl have cottoned on.

So as for "spam" via blue tooh, it isnt going to happen, unless you are EXTREMELY stupid... then again..... there is a hell of a lot of stupid people :O

brutus the Honeypot

[JVert (578547)]

Meet brutus, he's the bluetooth honeypot. When someone sends a message he doesn't like he pummels everyone within 15 feet.

Bluejacking : a growing problem in taxis ...

[kobotronic (240246)]

At least in Copenhagen this phenomenon is quite common. It seems, every other time I get in a taxi I get a bluetooth transmitted business card from the company or sometimes specifically the driver of the taxi. The first time this happened it was a slightly novel new thing I didn't mind much - but now I find myself cursing the people who implemented this standard for not doing it like on Palm where you have to 'accept' the infrared beamed cards. On the Nokia cellphones it's just stored without question so if this practice gets more widespread, soon your address book will be seriously burdened with unwanted business cards. Just finding them will be a big hassle. That's when you switch off bluetooth I guess.

Re:Bluejacking : a growing problem in taxis ...

[yelvington (8169)]

Not sure what you mean by "On the Nokia cellphones it's just stored without question."

On my Nokia 3650, Bluetooth is turned off by default, and even when it is on, vcards are NOT inserted into the address book automatically. Incoming objects are saved to a folder, but I have to open the card and explicitly save the data in order to place it in my address book.

ABigHairyDick

[The Mutant (167716)]

When I'm bored I'll change my iPaq 5450 BlueTooth device identification to ABigHairyDick and then look for phones.

Great fun when someone's phone beeps, and on the screen they see "Accept connection from ABigHairyDick?"

Puzzeled frowns usually result although after this article I'm sure to get my smirking ass beat good.

Re:Authorization

[mikecouk (556182)]

they're sending an address book entry, with the message they wish to send as the "name" of the contact.

Re:Im sure posting it to slashdot

[Shakrai (717556)]

will allow this to stay under the radar of spammers. What better way to keep it secret than inform thousands of people

Because the best security method is security via obscurity. It's been proven time after time.

(Sorry to post the obvious in response to a flamebait... someone's gotta do it, do I deserve the mod downs that may follow? ;)