BlueJacking: Was I vulnerable at the Express Lube?

Freephoto
Today I stopped by the local express lube and car wash, another routine errand in my busy afternoon.
Settling into a swivel chair, I positioned myself in front of the window where I could see my car being lovingly cared for by three service technicians. An oil change, a little vacuuming of the leaf shards from the carpet and a spritz of New Car Smell was all I expected. My smartphone chirped form my purse, and an alert appeared to let me know that I had a sync alert coming from my car via bluetooth. The message told me that my car was requesting permission to sync my phone’s contacts and ingoing/outgoing messages. Do I want to proceed?

Squinting through the window, I could see the lead tech sitting behind the wheel of my car with a clipboard, presumably doing a routine check. At least that’s what it looked like he was doing. The door opened and he stepped out, and looked right at me before looking away.

Strange. I pressed “cancel” on my phone, and looked over at the young woman (perhaps teenaged) waiting to check out customers. Do I report this to her?  The man came through the doors and approached me, clipboard still in hand.

“Here you go, Mrs. Spreeman, all set.”

I signed off on the service paper, and said, “You know, when you were behind the wheel my phone alerted me that it wanted to sync my private phone records and contacts.”

The man looked surprised. “Really?  That’s odd. I’ve never heard of that before.”

Yes, odd.

So what do you think? Should I be suspicious, or was it just an odd coincidence that this was the first and only time I had ever received an alert from my car requesting my phone records to be synced up?

Yes, it could have been a coincidence, or it could have been a case of an attempted “BlueJacking,” a term I came across as I began to research the safety and security of bluetooth devices.  You can read about what it is here. But how do you prevent it?  Here are five things we need to do to keep our devices and our personal information safe:

Countermeasures

1. To Prevent BlueJacking, make sure that your device’s bluetooth is turn off in certain public areas like shopping centers, movie theaters, coffee houses, bars, university and electronic stores.

2. Set your Bluetooth device to invisible or hidden mode from the main menu. This will prevents the sender from seeing your device.
 
3. Turning your Bluetooth invisible remains a good option when you normally don’t connect with other devices. Enable visibility only when you need to pair your device with another.
 
4. Ignore BlueJacking messages by refusing or deleting them. Consider BlueJacking the same way you think about spam.
 
5. Attackers or Hacker begin BlueJacking by placing a message in the name field of their phone like, “Special Offer” or “wow!! you won this prize, enter 123 to unlock” Next, they look for enabled devices in the area and select the one they want to BlueJack. They usually send these messages via Bluetooth.
These are good things to keep in mind. I have decided that I will alert the management of the local Express Lube chain of my concerns. And I will turn off my bluetooth and keep it off unless I absolutely need it.
Enhanced by Zemanta

, , , , , , ,