Bluejacking (see mod note post #16)

ZENER

While sitting in McDonalds with my daughter the other day I was playing with my new Clie PDA. ( Aside: I found a program a few months ago called Bluejacker and installed it on the Clie.)

Anyway I fired up bluejacker and was amazed to find 5 unprotected mobile phones and 1 PDA including 2 n-gage devices !! I couldn't resist having some fun (kid at heart !) and Bluejacked the found devices and innocently looked around to spot the owners looking puzzled and initially it was very funny seeing the looks on their faces.

A thought occurred to me later that night as I chuckled to myself, what if someone used this to pinpoint owners of said n-gage and other phones with a view to mugging them outside ! My daughter is near the age where she will want a fancy phone of some sort shortly - I'd be afraid this might happen to her. I'm thinking of the incident near the UCI in Coolock where a young lad was murdered for his phone so it would appear that life is not as valuable as a phone.

This is probably not the right forum for this but might encourage people to be careful about how they use their mobile devices.

ZEN

flywheel

you can set the Bluetooth on her phone to Visabilty Hidden - so when a stranger's Bluetooth device in range does a 'discovery' then it won't be picked up

a good idea is also to change the default Bluetooth name to something other than the model number or the owners name...

BrianG

ZENER

I understand that but my experiment in McDonalds proves that not everyone knows about it.

I suppose it's not really that important seeing as how kids wear their phones like fashion accessories for all to see anyway.

Anyway it was just a thought !

ZEN

flywheel

Originally posted by ZENER
I understand that but my experiment in McDonalds proves that not everyone knows about it.

grand, sorry when you mentioned you were afraid this might happen to her it sounded like you needed some help

good to highlight it though as you have 'discovered' (no pun intended) many people leave visibility on/shown to all - some do it with particular intentions which is disturbing when kids have these devices too...

BrianG

vibe666

got a motorola v600 for my g/f's b'day and when you select bluetooth (its off by default) it's only discoverable for 60 seconds. thought it was a good way of doing it.

ZENER

Thats scary Brian !

@vibe666 - yeah my son has a new motorola V something or other and it's the same. I couldn't understand why at the time but I guess it's obvious now - kudos to Motorola !

ZEN

flywheel

Ericsson's used to have this temporary discovery too... although with the advent of QuickShare they dropped it in the T610 though and only left you with discoverable (visibility) on (visible) and off (hidden) - they should have left a temporary option there though - it would be my preference...

BrianG

Dankoozy

bluejacking, i miss the good old days of sending my phone number to randomers and having them call me a few days later, chatting along to them for a few minutes before they realised they were talking to a completely different person

rly all phones should accpet business cards by default it was a great way of sending contacts around

before everyone got all paranoid about who has their number, identity theft, stalkers, harassers and the rest. i remember in school we would sit around with our phones and give each other phone numbers of people we knew without having to go and ask all these people individually for their phone numbers. no wai could i get away with doing that now.

AlmightyCushion

I can't understand why the vast majority of people leave bluetooth on by default. Turn it on when you need it, leave it off when you don't.

Rsaeire

AlmightyCushion wrote: »

I can't understand why the vast majority of people leave bluetooth on by default. Turn it on when you need it, leave it off when you don't.

I agree; Bluetooth should always be off, or at least set to undiscoverable/hidden. Not only does it leave you open to unwanted contact, but leaving Bluetooth continuously on runs your battery down faster. I'm still amazed, even with all the information about Bluetooth available, that people still leave themselves wide open and then go on to complain about their handset's battery being crap. :rolleyes:

Pyro Boy

I know we should keep bluetooth switched off but I thought that newer phones were smarter now... would you not have to first approve the bluetooth connection before someone could send you something ...

syklops

Pyro Boy wrote: »

I know we should keep bluetooth switched off but I thought that newer phones were smarter now... would you not have to first approve the bluetooth connection before someone could send you something ...

Usually yes, but some phone have flaws in the way they authenticate other phones. Also, post people use the same PIN for their bluetooth all the time, and amazingly this is very often one of the following: 1234, 12345, 0000, etc.

Good bluejacking software will contain a database of Manufacturers and the assocuated default PIN and attempt them first.

Also, leaving the phone hidden is not terrific security as it can still be found. I wrote a bit of code a while back which basically brute-forced the MAC address. Its a long, slow process, and very inelegant, but it does work.

With phones now coming with sat navs included, I can see people being mugged for their phone, and while they go to the police station to report the theft, the mugger uses the "Take me home" function of the sat nav, and burgles their house when they know the mark is not their.

AlmightyCushion

syklops wrote: »

With phones now coming with sat navs included, I can see people being mugged for their phone, and while they go to the police station to report the theft, the mugger uses the "Take me home" function of the sat nav, and burgles their house when they know the mark is not their.

Hmm.

*changes home address to bosses house*

syklops

AlmightyCushion wrote: »

Hmm.

*changes home address to bosses house*

Maybe change it to Kevin Street Garda Station instead?

Why sat navs aren't password protected is beyond me!

Dankoozy

Pyro Boy wrote: »

I know we should keep bluetooth switched off but I thought that newer phones were smarter now... would you not have to first approve the bluetooth connection before someone could send you something ...

aw come on, you guys are so boring. it used to be great sending random ringtones and video clips to randomers on the same train because in todays modern times of mass paranoia and not talking to strangers it was one of the few ways randomers could still communicate.

mang i used to send people full length mp3's and they accepted them. but its hard to do unless you see a lot of people with their phones out the beep they make to prompt someone to a bluetooth connection is so soft now..

Random

Just to point out to anyone just joining this thread that the original post is 2004. I'm gonna leave the thread open as I'm sure it's still worth the discussion .. but just so people don't go jumping at some old ideas or something

Sully

I assume its not actually possible with new mobiles since any connection requires approval first? Iv often found it amusing turning it on and guessing the name of the person sitting near to me on the bus/train but these days thats all you can do.

syklops

Sully wrote: »

I assume its not actually possible with new mobiles since any connection requires approval first? Iv often found it amusing turning it on and guessing the name of the person sitting near to me on the bus/train but these days thats all you can do.

Dont be so sure.

http://www.pocketmagic.net/?p=123

and

http://www.bluesnarf.blogspot.com/

In the first, it shows how to send messages without actually needing to pair with the device, but using the authentication mechanism as the message delivery agent, and in the second link, discusses modern(as in post 2004) approaches to bluesnarfing.

TanG411

Yeah that used to be a lot of fun.

I loved sending random business cards and in the name slot I'd write ''I like your pants'' or something ridiculous. Then you look around and see who it is :pac: