2.5.4 Bluesnarfing

Bluesnarfing is using a Bluetooth connection to gain unauthorized access to Bluetooth-enabled wireless devices including phones and laptops. Once they have access, attackers can view contact lists, calendars, emails, text messages, and files and copy them.

Any device that is turned on and discoverable is vulnerable to bluesnarfing. The devices must be paired in order to copy content. If a device is set to hidden, attackers need the MAC address of the device. They can obtain it either by stealing or finding a lost device or by using a brute force attack (i.e. trying all possible combinations of characters).

Bluejacking is the different from bluesnarfing. Bluejacking is the act of sending unsolicited messages via a Bluetooth connection to Bluetooth-enabled devices. Since Bluetooth has a very limited range, up to 100 meters for Class 1 transmitters and significantly less for Class 2 and 3 transmitters, the sender must be physically nearby the owner of the device. Most bluejacking instances are not harmful. Instead it often is used for marketing campaigns.