Have You Been Bluesnarfed?

I recently became aware of a couple of scams that can significantly hurt your wallet because the end result is a bunch of unauthorized, but legitimate (from the phone company’s perspective) charges on your cell phone bill.  The prevention of these scams is extremely simple and non-technical.

Scam 1:  A scammer hacks into the Bluetooth connection coming from your phone and downloads your entire address book.  They then add a 1-900 premium relay number as a prefix to each of the stored phone numbers in your address book and upload the modified contacts back to your phone, all in a matter of seconds.

The result?  You call Mom, and your phone simply displays “Calling Mom.”  What’s really happening is that your phone call to Mom is being relayed through a 1-900 premium pay-per-minute “service” and you owe the phone company thousands of dollars by the end of the month.  You’ve been bluesnarfed!

Prevention:  Call your cell phone company and disallow premium phone calls.
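To check whether stored contacts have been altered the way Scam 1 describes, you can export your address book as a vCard (.vcf) file and scan it for 900 numbers. The script below is an added example, not part of the original post; the sample contacts are constructed, and the way a relay prefix would be written into a stored number is an assumption.

```python
import re

# Constructed sample export (not real contacts). How a relay prefix would be
# written into the stored number is an assumption made for illustration.
SAMPLE_VCF = """\
BEGIN:VCARD
FN:Mom
TEL;TYPE=CELL:1-900-555-0100-1-212-555-0143
END:VCARD
BEGIN:VCARD
FN:Dentist
TEL;TYPE=WORK:+1 (415) 555-0199
END:VCARD
BEGIN:VCARD
FN:Trivia Line
item1.TEL:19005550123
END:VCARD
"""

def find_premium_numbers(vcf_text):
    """Return (contact, stored_number, reason) for every TEL value that
    dials a North American 900 number, alone or as a prefix."""
    findings = []
    name = "(unnamed)"
    for line in vcf_text.splitlines():
        key, _, value = line.partition(":")
        # Drop parameters (;TYPE=...) and group prefixes (item1.) from the property name.
        prop = key.split(";")[0].split(".")[-1].upper()
        if prop == "BEGIN":
            name = "(unnamed)"
        elif prop == "FN":
            name = value.strip()  # assumes FN appears before TEL in each card
        elif prop == "TEL":
            raw = value.strip()
            digits = re.sub(r"\D", "", raw)
            if raw.startswith("+") and not digits.startswith("1"):
                continue  # international number outside country code 1
            national = digits[1:] if digits.startswith("1") else digits
            if len(national) < 10 or not national.startswith("900"):
                continue
            reason = "900 prefix before another number" if len(national) > 10 else "900 number"
            findings.append((name, raw, reason))
    return findings

if __name__ == "__main__":
    for contact, number, reason in find_premium_numbers(SAMPLE_VCF):
        print(f"{contact}: {number} ({reason})")
```

A contact flagged with "900 prefix before another number" is the pattern to worry about, since the display name on the phone would look unchanged.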

Scam 2:  A scammer sits in the back of a crowded movie theater and hacks into your cell phone via Bluetooth while it is tucked safely away in a purse or pocket so as not to disturb others.  A second scammer sits outside and sells reduced-cost minutes to a crowd of international visitors who would like to speak to their families.  Unbeknownst to you, they are doing so via your cell phone.

The result?  You owe the phone company big for almost 2 hours of international phone calls.

Prevention:  Call your cell phone company and disallow international phone calls.

I took the preventive steps listed and although the customer service rep at my cell phone carrier initially told me it was not possible, after I pushed them they “figured out” how to disable international and premium outbound phone calls on my line.  Although newer phones make these scams harder to execute, the increased range of Bluetooth makes your “attacker” radius larger than ever before.  Besides, it was a 15 minute phone call and may have saved me thousands of dollars.  I hope you take the same precaution!

Some other general recommendations regarding Bluetooth security:

  1. Turn off discovery mode when not actively pairing a device.
  2. Reset default Bluetooth PINs to be longer and unique.
  3. Turn off Bluetooth when not in use.
  4. Only pair devices in trusted and non-crowded locations.

Thanks for reading and don’t forget to subscribe!

6 thoughts on “Have You Been Bluesnarfed?”

  1. Thanks for this information! I have a question, though. If your phone is passcode protected, can someone still access your bluetooth?

    • Passcodes do not help in this case, as demonstrated by the fact that your Bluetooth headset will still work even if your phone is locked. However, having a passcode is important, especially in the event of a lost or stolen cell phone.

  2. Yeah, I got hit with this, noticed the extra rings and contacted Verizon. They say they are not holding me liable for the calls. If I had not called and asked them about it they may have held me liable.
