Bluejacking

12th May 2021 | Cybrary Bluejacking



Bluejacking is the unauthorized sending of messages from one Bluetooth device to another. Bluetooth is a high-speed, short-range wireless technology for exchanging data between laptops, smartphones, smartwatches, etc. This sort of technology is called ‘Near Field Communications’, or NFCs. Bluetooth has a very short range (approximately 10m), meaning a bluejacker and their Bluetooth-enabled device must be near you for bluejacking to work.

Bluejacking often involves sending unsolicited business cards, messages, or pictures to other users in your vicinity, such as on a subway or train. One documented example is a ‘woman being targeted with 120 images on public transport via AirDrop’. The Huffington Post commented on the story about this woman having been ‘cyber-flashed’ with a flock of more than 100 down-the-pants images via AirDrop while traveling on the London Underground.

What does this mean for an SMB?

It’s not easy for hackers to exploit your devices through your Bluetooth or Apple Wireless Direct Link (AWDL or AirDrop). Though it is uncommon, CyberHoot recommends following these best practices to reduce your risk of falling victim: 

  • Turn Bluetooth and AirDrop off if you aren’t using them.

There’s no need to be discoverable to other users all the time.

  • For AirDrop users, don’t enable Everyone mode if Contacts Only mode keeps failing.

If you’re in a private place with a sender you trust, it’s probably OK, but if you’re in a busy coffee shop or shopping mall, remember that Everyone mode opens you up to everyone else around.

  • Verify the name of the phone you are connecting to before connecting to it.

It is very easy to connect to the wrong phone using Bluetooth and AirDrop when you’re in a crowded place such as a stadium or shopping mall. Resist the urge to connect blindly when you run across that old friend in one of these places and wish to share a few pictures. Check the name and proceed carefully.

  • Keep all your devices up to date.

In iOS, go to Settings > General > Software Update.

  • Recognize that Apple products are not inherently ‘more secure’.

Users are often under the false impression that Apple products are secure, virus-free, and never exploited. It’s critical to be aware that vulnerabilities exist in all devices and to follow the advice above by turning things off when not in use. Read CyberHoot’s ‘Malware in Macs’ article to learn more about Mac vulnerabilities.


Additional Reading:

Apple AirDrop Vulnerability

Close Proximity iPhone Hack

Woman Targeted With 120 Images Via AirDrop

Related Terms:

Apple Wireless Direct Link (AWDL)

Near Field Communications (NFC)

Radio Frequency Identification (RFID)
