The Bluetooth Spam FAQ
by Collin Mulliner (collin-bluespamfaq(AT)mulliner.org)
Q: Why does this FAQ exist?
A: Because I get tones of email from people asking me about it.
Q: What is BlueSpam or Bluetooth Spam?
A: Spam over Bluetooth -> advertisement send to a Bluetooth device.
Q: What is the difference between BlueSpam and/or BlueJacking?
A: They are technically the same, BlueJacking is more a prank kind of thing while BlueSpam is
Spam!
Q: How does BlueSpam look like?
A: BlueSpam is just any file you transfer from one device (the spammer) to your device.
The file types range from VCFs (electronic business cards) over simple ASCII text files to
images (JPG/GIF/etc..) and audio or video files. Not all phones accept all file types,
some just accept business cards while others just accept anything but images and so on.
Q: How does BlueSpam work?
A: BlueSpam is send using the OBEX protocol, more specific OOP (Obex Object Push) and/or OBEX-FTP (OBEX File Transfer Protocol). This is the same protocols your
business card is send over when your beam/send it from one phone to an other.
Q: Why does BlueSpam exist?
A: Because people will always try to use new technology for advertisement (because its so cool!)
Q: How can I protect myself from getting BlueSpam?
A: You can:
- Do you use Bluetooth? If not switch it off (it saves battery)
- Does your cellphone/pda need to be visible (found by other people without your knowledge)? If not, switch visibility off!
- Does your device provide a ask before saving a received file functionality? If yes, switch it on and you will need to accept each file transfer (or if you don't do anything it will timeout).
Q: Is or can BlueSpam be a security problem?
A: No not really, just follow the general rule for files you don't know - DELETE THEM with out opening them!
Q: Where can I get the tools needed to do BlueSpaming?
A: Actually I don't want to tell you, but you will find it anyway so here are a few examples:
- My original BlueSpam PoC application for PalmOS (the reason why I get so much email?)
- bluespammer
- In general any Bluetooth OBEX tool can be abused!
Q: Is there something for Windows?
A: Not that I know of - not that it would be very complicated to write something for Windows
--- commercial section ---
Q: Are there companies which sell BlueSpam solutions?
A: Yes, I heard about a couple of companies - they don't call it BlueSpam by the way.
Q: What are those companies?
A: Here is a small list:
--- personal section ---
Q: Will you write/sell me a Bluetooth Spam application?
A: Maybe - it will be OPT-IN, like Bluetooth Joke of the Day
Only contact me if you are willing to pay for help, otherwise save yourself and me a lot of time by not writing me, thanks!
Q: You suck because you write Bluetooth spam applications!
A: Thats not a question, but please follow the advise above on how to protect your self against
BlueSpam.
Q: I want to know more about X why didn't you talk about it in the FAQ?
A: Maybe because its not relevant or maybe I just forgot or didn't know about. If so just write
to the email address on the top of the page.
updated: Sun Feb 12 11:14:36 CET 2006
-[ Home ]-[ Weblog ]-[ Bluetooth ]-[ Windows Mobile ]-[ Symbian ]-[ PalmOS ]-[ J2ME ]-[ Maemo ]-[ Security ]-[ iPhone ]-[ Android ]-[ NFC ]-[ Contact ]-