Bluesnarfing
An attack that exploits Bluetooth vulnerabilities to steal data — contacts, messages, photos, or calendar entries — from a device without the owner's knowledge.
Also known as: Bluetooth data theft, OBEX exploit
Last reviewed: 1 June 2026
Bluesnarfing is a Bluetooth-based attack that exploits security flaws in the Object Exchange (OBEX) protocol to access and copy data from a victim's device without authorisation. Unlike bluejacking, which only sends a message to the target, bluesnarfing extracts data from it. Sensitive information that can be stolen includes contacts, call logs, SMS messages, emails, photographs, and in some cases calendar data and unique device identifiers.
The attack typically works against older Bluetooth implementations that do not require pairing confirmation, allowing an attacker within Bluetooth range — usually 10 metres, though specialised long-range antennas can extend this — to connect silently and pull data. Modern smartphones with up-to-date firmware are substantially more resistant, but older or unpatched devices remain vulnerable.
The name combines 'Bluetooth' with 'snarfing', a term for stealing data. Countermeasures include keeping Bluetooth in non-discoverable mode, keeping device firmware updated, using Bluetooth only when needed, and never accepting pairing requests from unknown devices.
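The first countermeasure can be checked on a machine you administer. The following is an added example, not part of the original entry: it assumes a Linux host running BlueZ, reads the text printed by `bluetoothctl show`, and reports whether the adapter is discoverable, pairable, or advertising OBEX-based services. The sample output is constructed, and the function names `parse_show` and `audit` are hypothetical.

```python
import re

# Constructed sample of `bluetoothctl show` output (BlueZ); not captured from a real host.
SAMPLE_SHOW = """\
Controller 00:11:22:33:44:55 (public)
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
    Pairable: yes
    UUID: Audio Sink                (0000110b-0000-1000-8000-00805f9b34fb)
    UUID: OBEX Object Push          (00001105-0000-1000-8000-00805f9b34fb)
    UUID: OBEX File Transfer        (00001106-0000-1000-8000-00805f9b34fb)
"""

# 16-bit Bluetooth SIG service class IDs for OBEX-based profiles.
OBEX_SERVICES = {0x1104: "IrMC Sync", 0x1105: "OBEX Object Push",
                 0x1106: "OBEX File Transfer", 0x112F: "Phonebook Access (PSE)"}
BASE_UUID = re.compile(r"\(0000([0-9a-f]{4})-0000-1000-8000-00805f9b34fb\)", re.I)

def parse_show(text):
    """Return (properties dict, list of 16-bit service IDs) from `bluetoothctl show` text."""
    props, services = {}, []
    # Property lines are indented "Key: value"; the unindented Controller line is skipped.
    for key, value in re.findall(r"^[ \t]+([A-Za-z]+):[ \t]*(.*)$", text, re.M):
        if key == "UUID":
            m = BASE_UUID.search(value)
            if m:
                services.append(int(m.group(1), 16))
        else:
            props[key] = value.strip()
    return props, services

def audit(text):
    """List findings related to discoverability, pairing and exposed OBEX services."""
    props, services = parse_show(text)
    if props.get("Powered") != "yes":
        return []  # radio is off, so nothing is reachable over Bluetooth
    findings = []
    if props.get("Discoverable") == "yes":
        raw = props.get("DiscoverableTimeout")
        never = raw is not None and int(raw, 16) == 0  # 0 means discoverable indefinitely
        findings.append("discoverable" + (" with no timeout" if never else ""))
    if props.get("Pairable") == "yes":
        findings.append("pairable: accepts new pairing requests")
    findings += [f"OBEX service exposed: {OBEX_SERVICES[s]} (0x{s:04x})"
                 for s in services if s in OBEX_SERVICES]
    return findings

if __name__ == "__main__":
    print("\n".join("[!] " + f for f in audit(SAMPLE_SHOW)))
```

On a real host, pass the captured output of `bluetoothctl show` to `audit()` in place of the constructed sample.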
Examples
- An attacker in a crowded train uses a Bluetooth exploit against an older smartphone left in discoverable mode, silently copying the victim's full contacts list and recent messages.