Mobile users face virus fears as bluejacking craze causes panic, Sophos reports

November 13, 2003 Sophos Press Release

Blue man The new mobile phone craze of "bluejacking" has panicked some users into thinking they might be under attack from a cell phone virus, Sophos technical support reports.

Bluejacking takes advantage of the Bluetooth communications technology built into many modern mobile phones. Bluetooth allows mobile devices to communicate with one another, at a range of about 30 feet. When Bluetooth is activated it can automatically seek out other Bluetooth phones in the vicinity and attempt to communicate with them.

The new fad is to send mischievous messages wirelessly between Bluetooth-enabled phones, and watch the shocked look on the recipient's face. Every Bluetooth phone in range can receive the unexpected, unsolicited message. Recipients are said to be "bluejacked" (a word derived from "Bluetooth" and "hijacked"). Unlike regular SMS text messaging, there is no charge for sending a Bluetooth message and they can be delivered in areas where there is no network coverage.

"If you don't know about bluejacking these messages can be quite a shock," said Graham Cluley, senior technology consultant for Sophos. "Unexpected messages on your mobile may lead you to believe you are the victim of a new mobile phone virus, or receiving cell phone spam. As these unsolicited messages are being sent by someone in your close vicinity they can also include personal information about your appearance, or your environment, which may alarm you into believing that you are being stalked."

"Sophos has received reports from users alarmed by the messages they have received on their phones such as "You've been Bluejack'd", and asking if they are suffering from a new kind of virus attack. These messages are not viruses, but clearly they can be a nuisance and unexpected surprise," continued Cluley.

A number of websites have been opened to describe how to bluejack, and the craze is expected to spread. Sophos recommends that users who do not wish to receive the messages (which can be a nuisance as they must be deleted) turn off Bluetooth capability when they do not require it.