Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e. for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol.
The information in this slide is not mine but it is adapted from various search engines and websites like Google, Yahoo, Twitter etc. The theme of the slides is taken from Slidesgo. You can find this theme under the category technology. Hope you guys like it and it helps you.
3. INTRODUCTION
Sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers via the OBEX protocol is Bluejacking.
4. BLUETOOTH
Bluetooth is a wireless technology that provides short range communications. Bluetooth is used for sending messages or connecting to remote headsets or various other devices.
5. Advantages and disadvantages of Bluetooth
Advantages: It avoids interference from other wireless technologies and is very cheap to use. It is also free if it’s already installed in the device. The technology is also adopted in many products such as headsets, in-car systems, printers, webcams, GPS, keyboards, mice etc.
Disadvantages: Battery drains easily, it is not secure and works very slowly.
6. BLUEJACKING
Bluejacking is a hacking method that involves sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices.
7. ORIGIN
Bluejacking was reportedly first carried out by a Malaysian IT consultant named Ajack who used his phone to advertise Sony Ericsson. He also invented the name, which he claims is an amalgam of Bluetooth and Ajack, his username on Esato, a Sony Ericsson fan online forum. Jacking is, however, an extremely common shortening of hijack, the act of taking over something.
8. OBEX PROTOCOL
Object Exchange (OBEX) is a transfer protocol that defines data objects and a communication protocol for devices that can exchange data and commands in a resource-sensitive standardized fashion.
9. PROTOCOLS
OBEX PUSH: Used for transferring files
OBEX FILE TRANSFER: Used to store and retrieve files
PHONEBOOK ACCESS: Similar to file transfer, but uses a target.
IRMC: Used to exchange phone book entries
10. vCard
A VersitCard is an electronic business (or personal) card and also the name of an industry specification for the kind of communication exchange that is done on business or personal cards.
11. How to Bluejack?
Assuming that you now have a Bluetooth phone in your hands, the first thing to do is to make sure that Bluetooth is enabled. You will need to read the handbook of the particular phone (or PDA etc.) that you have, but somewhere in the Menu item you will find the item that enables and disables Bluetooth.
12. Steps to bluejack
Step 1: Select an area with plenty of mobile users.
Step 2: Go to contacts in your Address Book.
15. Steps to bluejack
Step 7: Choose one phone and send the contact.
Step 8: You will get the message "card sent" and then listen for the SMS message tone of your victim's phone.
18. USAGE
Bluejacking can be used in many fields and for various purposes. The main fields where bluejacking is used are as follows:
- Busy shopping centre
- Train station
- High street
- On trains and buses
- Movie theatres
- Cafés and restaurants
- Shopping centres
- Electronics shop
19. PREVENTIVE MEASURE
TURNING OFF: Turn your Bluetooth device off in certain public areas
HIDING: Set the Bluetooth device to hidden
IGNORING: Ignore bluejacking messages by refusing or deleting them
20. TOOLS TO PREVENT
Users can equip their gadgets with mobile security products such as Symantec Mobile Security Suite 5.0, which includes antivirus, firewall, anti-SMS spam and data encryption technologies that are easy to deploy, manage and maintain.
The layered security in Symantec Mobile Security Suite 5.0 would help IT administrators to provide layered security in order to mitigate the unique security risks of mobile devices.
21. SECURITY TESTING
The main goal of Security Testing is to identify the threats in the system and measure its potential vulnerabilities, so the threats can be encountered, and the system does not stop functioning or cannot be exploited. It also helps in detecting all possible security risks in the system and helps developers to fix the problems through coding.
In bluejacking, security hackers can use a security tool like Intruder for identifying threats.
Intruder is an enterprise-grade vulnerability scanner that is easy to use. Providing intelligently prioritized results as well as proactive scans for the latest threats, Intruder helps save time and keeps businesses of all sizes safe from hackers.
22. CODE OF ETHICS
(1) Bluejackers will only send messages/pictures. They will never try to 'hack' a device for the purpose of copying or modifying any files on any device or upload.
(2) If no interest is shown by the recipient after 2 messages the bluejacker will desist and move on. The Bluejacker will restrict their activity to 10 messages maximum unless in exceptional circumstances.
(3) If a Bluejacker is caught 'in the act' he/she will be as co-operative as possible and not hide any details of their activity.
23. CONCLUSION
We conclude that in future this technology can become the key for advertising and to interact with new people, with the world and to get the location messages on the phone when we are out somewhere. Because of its low cost and power consumption this technology has a great future ahead.
Greetings to everyone, this is Komal here and I have my colleagues with me as well, Siddharth Jadhav and Sneha Rana. Hope everyone knows well what we have gathered here for, but since I’m starting I’ll introduce again: we’ve gathered here for our subject seminar and the subject which is allotted to us is software engineering. And as it says in the slide, our topic is bluejacking. There’s this character Jack in Titanic, if you’ve seen the movie you might know, and there’s this colour blue. So most of you might have contemplated that we are going to talk about blue Jack. And the answer is no! Of course not. Anyways, jokes apart, to know about the topic you have to be all ears in the seminar. Thank you.
These are our table of contents: introduction, Bluetooth, bluejacking and conclusion. Before going into detail, there might be a question popping up in your minds: why do we have to learn about Bluetooth when your topic is bluejacking? I’ll have to say that to us bluejacking was totally a new topic. So, before researching about bluejacking we researched about Bluetooth. I’m not sure if you guys are aware of the functions, advantages and disadvantages of Bluetooth. Hence, we tried to cover this from the basic concepts of Bluetooth, as it’ll help people who are unaware of some Bluetooth-related terms to get a clear view of bluejacking.
Bluejacking allows phone users to send business cards anonymously using Bluetooth wireless technology. Bluejacking does not involve the removal or alteration of any data from the device. There are still so many terms which might be new for you. Starting with Bluetooth.
Bluetooth has a very limited range, usually around 10 metres on mobile phones, but for PCs or laptops it could reach up to 100 metres with powerful transmitters.
An unsolicited message means a message which is transmitted in response to a locally occurring event. Bluejacking also means sending a vCard which typically contains a message in the name field (i.e. for blue dating or blue chat) to another Bluetooth-enabled device via the OBEX protocol. So you simply type a message and send it to another Bluetooth-enabled device without their permission.
Becoming bored while standing in a bank queue, Ajack did a Bluetooth discovery to see if there was another Bluetooth device around. Discovering a Nokia 7650 in the vicinity, he created a new contact and filled in the first name with 'Buy Ericsson!' and sent a business card to the Nokia phone. “A guy a few feet away from me suddenly had his 7650 beep. He took out his 7650 and started looking at his phone. I couldn't contain myself and left the bank,” he says. So, this term came into the world.
This technology works over Bluetooth and Infrared Data Association (IrDA) protocols. OBEX is primarily used as a push or pull application. The typical example could be an object push of business cards to someone else. It performs a function that is similar to Hypertext Transfer Protocol (HTTP), but it does not require the resources that an HTTP server requires, making it perfect for low-end devices with limited resources.
The following protocols run over OBEX, or have bindings to do so.
1. OBEX Push: Used for transferring a file from the originator of the request to the recipient.
2. OBEX File Transfer Protocol: Used to store and retrieve files.
3. Phonebook Access: Similar to file transfer, but uses a target. Phonebook entries can be listed and retrieved from certain directories.
4. IrMC: Used to exchange phonebook entries, calendar notes, messages, etc., in its connected form.
We have often mentioned vCards in our presentation, so this is for the people who don’t know what they are. vCards are often attached to e-mail messages, but can be exchanged in other ways, such as on the World Wide Web. They can contain name and address information, phone numbers, URLs, logos, photographs, and even audio clips. vCard was developed by a consortium founded by Apple, AT&T, IBM, and Siemens, which turned the specification over to an industry group named the Internet Mail Consortium (IMC) in 1996.
So once you’ve switched on your Bluetooth, your phone or PDA will start to search the airwaves for other devices within range. If you are lucky you will see a list of them appear, or it will say that it cannot find any. If the latter happens then relocate to another crowd or wait a while and try again. If you have a list of found devices then let the fun begin.
The last step will be to look out for the shocked look on your victim and enjoy their panic reaction.
BlueSpam searches for all discoverable Bluetooth devices and sends a file to them (spams them) if they support OBEX. By default a small text will be sent.
Meeting Point: It is the perfect tool to search for Bluetooth devices. You can set your meeting point to a certain channel and meet up with people you’ve not met before. Combine it with any bluejacking tools and have lots of fun. This software is compatible with Pocket PC, Palm, Windows.
Magic Blue Hack: This bluejacking software is one of the newer programs to help bluejack mobile phones. While the security backdoor has been patched in the newer phones, as long as pairing was previously done, the software can gain easy access to the device.
Freejack: Freejack is compatible with Java phones like the Nokia N-series.
Easyjacking (eJack): Allows sending of text messages to other Bluetooth-enabled devices.
Proximitymail
• Prevent bluejacking by turning your Bluetooth device off in certain public areas. Locations include shopping centers, coffee houses, movie theaters, eateries, bars and clubs, public transportation vehicles, phone and electronic stores.
• Set the Bluetooth device to hidden, invisible or non-discoverable mode from the menu. This prevents the sender from seeing your device. Check your manufacturer's manual for disabling procedure. The phone maintains functionality in other modes.
• Ignore bluejacking messages by refusing or deleting them. The messages vary but the typical messages come from an admirer, a jokester or someone sending a business card. Consider bluejacking the same way you think about spam.
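Added example (not part of the original slides or notes): a receiver-side check in Python that flags an incoming vCard whose name field carries a message instead of a name and which has no contact details, the pattern described above. The thresholds, function names and both sample cards are assumptions constructed for illustration.

```python
import re

# Thresholds and property list are assumptions for illustration, not from a standard.
MAX_NAME_WORDS = 4
MESSAGE_PUNCT = re.compile(r"[!?]|\.\s*$")
CONTACT_PROPS = ("TEL", "EMAIL", "ADR", "ORG", "URL")

def parse_vcard(text):
    """Return {PROPERTY: [values]} for one vCard, unfolding continuation lines."""
    unfolded = re.sub(r"\r?\n[ \t]", "", text)  # undo vCard line folding
    props = {}
    for line in unfolded.splitlines():
        if ":" not in line:
            continue
        head, value = line.split(":", 1)
        # Drop ";PARAM" suffixes and any "group." prefix from the property name.
        name = head.split(";", 1)[0].split(".")[-1].upper()
        props.setdefault(name, []).append(value.strip())
    return props

def looks_like_bluejack(text):
    """Return (flagged, reasons) for a vCard received via OBEX push."""
    props = parse_vcard(text)
    # N is structured (Family;Given;...), so join its parts into display text.
    names = props.get("FN", []) + [v.replace(";", " ") for v in props.get("N", [])]
    reasons = set()
    for name in names:
        if len(name.split()) > MAX_NAME_WORDS:
            reasons.add("name field is longer than a typical name")
        if MESSAGE_PUNCT.search(name.strip()):
            reasons.add("name field contains sentence punctuation")
    has_contact = any(v for p in CONTACT_PROPS for v in props.get(p, []))
    # A real business card normally carries at least one way to reach the sender.
    return bool(reasons) and not has_contact, sorted(reasons)

# Constructed sample cards (the first reuses the message quoted on this page).
BLUEJACK_CARD = "BEGIN:VCARD\nVERSION:2.1\nN:;Buy Ericsson!\nEND:VCARD\n"
LEGIT_CARD = ("BEGIN:VCARD\nVERSION:2.1\nN:Doe;Jane\nFN:Jane Doe\n"
              "TEL;CELL:+1-555-0100\nEND:VCARD\n")

if __name__ == "__main__":
    for label, card in (("bluejack", BLUEJACK_CARD), ("legit", LEGIT_CARD)):
        print(label, looks_like_bluejack(card))
```

A card is flagged only when a name-field signal coincides with missing contact details, so a genuine card such as "John Smith Jr." with a phone number or e-mail address passes.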
• Bluejackers will only send messages/pictures. They will never try to 'hack' a device for the purpose of copying or modifying any files on any device or upload.
• Any such messages or pictures sent will not be of an insulting, libelous or pornographic nature.
• If no interest is shown by the recipient after 2 messages the bluejacker will desist and move on.
• The Bluejacker will restrict their activity to 10 messages maximum unless in exceptional circumstances, e.g. the continuous exchange of messages between bluejacker & victim.
• If the Bluejacker senses that he/she is causing distress rather than mirth to the recipient they will immediately cease all activity towards them.
• If a Bluejacker is caught 'in the act' he/she will be as co-operative as possible and not hide any details of their activity.