What is bluejacking?

Have you ever been doorbell ditching before? The point of the
prank is simple: Sneak up to someone's front door, knock
loudly or ring the doorbell, and, instead of greeting whoever
answers the door, run away and hide somewhere nearby. The joy
of doorbell ditching is, of course, reveling in the
homeowner's confusion and rolling with laughter under the
security of his nicely trimmed bushes. Although the game
might get you in a bit of trouble if you happen to incite the
ire of a cranky neighbor, it's mostly a harmless joke on par
with a prank phone call.

For more technically inclined pranksters with access to
Bluetooth technology, however, there's the digital version of
doorbell ditching and prank phone calls: Bluejacking. A kind
of practical joke played out between Bluetooth-enabled
devices, bluejacking takes advantage of a loophole in the
technology's messaging options that allows a user to send
unsolicited messages to other nearby Bluetooth owners.

The only difference between doorbell ditching and bluejacking
is that bluejacking usually isn't done on your neighbor's
lawn. Instead, a bluejacker will most likely camp out in
crowded areas like shopping malls, airports and subway
systems to find victims -- places with a potentially high
percentage of people with Bluetooth-enabled devices. The
trend has even fostered fan Web sites, where Bluetooth users
inform newcomers how to bluejack, trade tips and post amusing
bluejacking stories that include every keystroke and puzzled
look.

So how is bluejacking done? What is it about Bluetooth
technology that makes it possible to bluejack? Does it have
anything to do with hijacking information from another
Bluetooth device, and can it cause any harm? Are there any
privacy concerns?

Bluetooth Bluejack

Bluetooth technology operates by using low-power radio waves,
communicating on a frequency of 2.45 gigahertz. This special
frequency is also known as the ISM band, an open, unlicensed
band set aside for industrial, scientific and medical devices.
When a number of Bluetooth devices are switched on in the
same area, they all share the same ISM band and can locate
and communicate with each other, much like a pair of walkie
talkies tuned to the same frequency are able to link up.

Bluetooth technology users take advantage of this ability to
network with other phones and can send text messages or
electronic business cards to each other. To send information
to another party, the user creates a personal contact name in
his or her phone's address book -- the name can be anything
from the sender's actual name to a clever nickname.

Bluejackers have devised a simple technique to surprise their
victims: Instead of creating a legitimate name in the address
book, the bluejacker's message takes the place of the name.
The prank essentially erases the "from" part of the equation,
allowing a user to send any sort of comment he wishes without
indentifying himself.

For instance, if you're sitting in a coffee shop and notice
a fellow Bluetooth user sitting down to enjoy a cup of iced
coffee, you could set up a contact under the name "Is your
coffee cold enough?" After choosing to send the text via
Bluetooth, the phone will search for other enabled Bluetooth
devices; selecting one will send the unsolicited message to
that device. A bluejacker's crowning moment comes, of course,
when the victim receives the message and expresses a mild mix
of confusion and fear that he's under surveillance.

Bluejacking is imprecise, however. Searching for other
Bluetooth-enabled hardware might turn up a list of devices
labeled with a series of numbers and letters. Unless the
bluejacker's target has chosen to publicly identify his or
her phone, or it's the only Bluetooth phone in the area, the
bluejacker may have a hard time messaging his or her target
on the first try.

After bluejacking turned into a small tech subculture in
2003, several Web sites emerged, offering how-to's and forums
for trading stories. But there's even a bluejacking code of
ethics, according to bluejackQ.com. Bluejackers should
refrain, for example, from sending insulting or threatening
messages to others, and if no interest is shown in
communication after two messages, the bluejacker should cease
activity in order to avoid annoying anyone. The point of
bluejacking, according to its proponents, is to have fun, not
cause complete anarchy.