Bluesnarfing is a hacking attack that uses a Bluetooth® connection to access a mobile device. It is a much more serious attack than bluejacking, which is more of a practical joke that does not alter any data. Bluesnarfing allows the hacker to take complete control of the device and access many of the functions and all of the data in the device. The hacker is able to make calls and texts, listen to conversations and remove all information without the phone’s owner being alerted. While very serious, bluesnarfing also is very difficult to do — especially if the phone is placed in non-discoverable mode — and either requires special equipment or for the hacker to be within 30 feet (10 meters) of the phone.
There are several types of attacks possible on Bluetooth® devices, and bluesnarfing is one of the most serious, though only very old Bluetooth®-enabled phones are thought to be at risk from this attack. To pull off this attack, a hacker pairs his or her mobile phone with the victim’s phone, allowing the hacker to access features and data through the paired phone. The phone’s owner will not be aware of the attack unless the hacker makes the attack apparent by destroying the phone’s software.
When a phone is bluesnarfed, the hacker gains access to everything on the phone. He or she is able to make calls through the paired phone that are recorded as being from the bluesnarfed phone, send text messages, read the owner’s calendar and memos, and do anything else desired. As such, bluesnarfing is illegal, because it is an extreme violation of privacy.
Bluesnarfing, unlike some hacking attacks, is very difficult to do, in large part because of equipment and space requirements. A hacker must have special equipment to increase the range of the paired phone, so it can attack phones far away. If this equipment is not available, the hacker must be within 30 feet (10 meters) of the victim’s phone or the attack will disconnect.
Another way that bluesnarfing is avoided is by the victim having his or her phone set to hidden or non-discoverable. When the phone is open and set to discoverable, a hacker can find the phone’s address and sneak into it. If the phone is set to hidden, then the hacker cannot see the address and the phone is mostly safe. Determined hackers can still get into the phone by guessing the phone’s address, but this can take millions of guesses. Shutting off Bluetooth® entirely removes all risk of attack, because the hacker will not be able to access the connection.