Bluejacking
The practice of sending unsolicited messages to nearby Bluetooth-enabled devices, typically used for spam or social engineering rather than data theft.
Also known as: Bluetooth spam, Bluetooth messaging attack
Last reviewed: 1 June 2026
Bluejacking exploits the Bluetooth 'pairing discovery' feature to send short messages or contact cards to any Bluetooth device within range — typically around 10 metres — without the recipient's consent. The attacker does not gain access to the victim's device or data; the intrusion is limited to the unsolicited message itself.
In its most common form, bluejacking is a nuisance — strangers sending anonymous text messages in public places. However, it can be used as a social engineering vector: a message appearing to be from a trusted source or asking the recipient to take an action. Some bluejacking messages have been crafted to look like system notifications, tricking recipients into enabling Bluetooth pairing or visiting a website.
Bluejacking is distinct from the more serious bluesnarfing, which involves unauthorised data extraction. The primary defence is to keep Bluetooth in non-discoverable mode when not in active use, and to avoid pairing with unknown devices. Modern smartphones are significantly more resistant to bluejacking than earlier devices.
Examples
- A marketing stunt sends promotional Bluetooth messages to shoppers whose phones are in discoverable mode as they walk through a shopping centre.