Ever received a random Bluetooth message from a stranger sitting a few seats away? That might have been bluejacking. While it’s usually harmless, it can be disruptive — and for some, even a security concern.
In this article, I’ll break down what bluejacking is, how it works, and the simple steps you can take to protect yourself.
What is bluejacking?
Bluejacking is a technique where strangers use Bluetooth to send unexpected messages to nearby Bluetooth devices, such as your phone.
The name comes from blending Bluetooth with hijacking — because, in a way, your connection gets hijacked with a surprise note.
Most of the time, it’s done as a prank, like sending a goofy “hello” to strangers on the bus. Yet, in some cases, those messages can mimic phishing attempts, trying to trick you into clicking a link or sharing personal information.
While bluejacking itself can’t give attackers control of your device, these types of messages can still be unsettling, intrusive, and even risky if you’re not careful.
How does bluejacking work?
Because bluejacking relies on Bluetooth, let’s break down the technology first.
Bluetooth is a short-range wireless technology that allows devices — think earbuds, smartwatches, fitness trackers, or even phones — to discover each other and share small bits of info.
Bluejacking takes advantage of that discovery step.
Someone with a Bluetooth-capable phone or laptop scans for discoverable Bluetooth devices, picks a target from the list, and sends a message by creating a contact or tiny vCard (a digital business card format that can carry names or short text).
This shows up as a new contact or notification on the recipient device.
It’s essentially a few-step trick and usually requires no special hacking skills.
Here’s a step-by-step breakdown of the process.
1. An attacker enters a public spot
The attacker chooses a crowded public spot where many people have Bluetooth-enabled devices — such as cafés, trains, airports, or busy plazas — to increase the pool of potential targets.
2. They scan for visible devices
They run a Bluetooth search to spot phones or gadgets that are in discoverable mode, looking for likely targets by device name or type.
3. They initiate a Bluetooth connection
After selecting a target from the discovered list, they prompt a Bluetooth exchange — often using the contact/vCard feature — to establish a connection with the device.
4. They send the unwanted message
Finally, the attacker pushes an unsolicited contact or short note. It appears on the recipient’s phone as a new contact or notification, often surprising the user.
The main limitation of bluejacking is that it only works within a short range (about 10 meters) and doesn’t give the attacker any real control — they can’t access your files, apps, or data.
All they can do is push an unsolicited message, which makes it more of a nuisance than a serious hack.
Risks and potential concerns of bluejacking
While a bluejacking attack is most often used as a prank, there are still some real concerns to keep in mind:
Privacy intrusion
When a stranger forces a message onto your screen, even if it’s just “hello,” it feels like they’ve stepped into your digital bubble without permission.
That sense of intrusion can be unsettling, especially when you don’t know who is behind it or whether they’re sitting nearby waiting for your reaction.
Disruption
One message might seem like a harmless joke, but imagine getting pinged repeatedly while you’re working in a café, reading on the train, or sitting in a meeting.
Suddenly, your device is lighting up with unwanted notes from someone you can’t see.
What started as a prank quickly becomes a distraction that interrupts your focus, wastes your time, and, in public spaces, can even embarrass you.
Potential misunderstandings
Here’s where it gets trickier: not everyone is familiar with bluejacking.
For many people, a surprise Bluetooth message doesn’t look like a prank — it resembles phishing messages or the start of a real hack. They might worry their sensitive data is at risk or that their phone has been compromised.
This misunderstanding can lead to unnecessary stress, panic, or even overreactions, like deleting apps or resetting devices.
How to protect yourself from bluejacking attacks
Protecting yourself from bluejacking is simple — with just a few quick settings and habits, you can avoid unwanted messages altogether.
Disable Bluetooth when not in use
The easiest way to avoid bluejacking is to switch off Bluetooth when you’re not using it.
With Bluetooth disabled, your device becomes invisible to scans, so attackers can’t send you unwanted messages.
Set Bluetooth to non-discoverable mode
If you do need Bluetooth (say, for your earbuds or smartwatch), set your Bluetooth device to non-discoverable. This way, your existing devices stay connected, but strangers won’t see your phone in their scan.
Here’s how you can set your Bluetooth devices to non-discoverable mode:
iOS
Bluetooth is non-discoverable by default unless you’re in the Bluetooth settings screen.
Android
- Go to Settings.
- Select Bluetooth.
- Disable Visible to other devices (or Device visibility).
Windows
- Open Settings.
- Select Devices.
- Find and select Bluetooth & other devices.
- Toggle off Bluetooth discovery.
Mac
- Go to System Settings.
- Select Bluetooth.
- In this window, verify that your device is only paired with known, trusted accessories.
Decline unknown requests
If a random Bluetooth message, contact, or file request pops up, don’t accept it. Declining unknown requests keeps you safe from unwanted Bluetooth connections.
Besides, it helps you avoid the risk of mistaking a prank for something serious, like phishing messages.
Avoid clicking on suspicious links
If you didn’t expect the message or don’t recognize the sender, don’t tap any links or open attachments.
Treat it the same way you would a strange email or text — better to ignore it than risk exposing your personal information.
Use antivirus and security apps
While bluejacking itself is mostly harmless, some security apps or antivirus software can provide extra protection against broader Bluetooth threats. They add another layer of defense in case someone tries to escalate beyond a simple prank.
For example, Surfshark Antivirus can help you block malware and suspicious files, reducing the risk if someone tries to turn a simple prank into something more serious.
Keep your software up to date
Just like with other cyberthreats, outdated software can leave openings that attackers might exploit to slip through unnoticed.
By regularly updating your phone’s operating system and apps, you get the latest security fixes that make it much harder for bluejackers — or anyone else — to take advantage of known vulnerabilities.
Be cautious in public spaces
Bluejacking is most common in crowded places like cafés, trains, airports, and parks, where attackers have lots of nearby Bluetooth devices to target.
A quick check of your Bluetooth settings before stepping into public spaces can save you from those unwanted surprise messages.
Differences between bluejacking, bluesnarfing, and bluebugging
It’s easy to confuse these Bluetooth threats, but knowing the difference matters. Bluejacking only bothers you with unwanted notes, whereas bluesnarfing and bluebugging can affect your privacy in much more serious ways.
Bluejacking vs. bluesnarfing
The key difference is that bluejacking is limited to sending you an unsolicited message — essentially a prank that doesn’t touch your data.
Bluesnarfing, however, goes much further. It can allow an attacker to secretly access and copy information stored on your Bluetooth-enabled device, such as your contacts, calendar entries, emails, or text messages.
In other words, while bluejacking attacks are more of an irritation, bluesnarfing is a genuine privacy risk that can expose sensitive personal details without you realizing it.
Bluejacking vs. bluebugging
Think of bluebugging as remote control hacking.
Instead of simply sending you a message or stealing files, it can let an attacker take over parts of your phone’s functionality. In some cases, this means they can make calls, send texts, change settings, or even eavesdrop — all without your knowledge.
Because it crosses the line from nuisance to unauthorized control, bluebugging is considered a much more invasive and dangerous Bluetooth-based attack, raising serious concerns for both privacy and security.
Why bluejacking is less severe
Compared to these, bluejacking attacks are relatively harmless. They are typically limited to sending prank-like messages and don’t let attackers steal sensitive data or files, or control your phone.
Still, the unwanted interruptions can feel invasive, and the confusion they cause may lead people to worry about bigger security threats.
Differences between bluejacking, bluesnarfing, and bluebugging
|
|
Bluejacking
|
Bluesnarfing
|
Bluebugging
|
|
What it does
|
Sends unsolicited messages via Bluetooth (usually through contact cards)
|
Steals data from your Bluetooth device (contacts, calendar, texts) without permission
|
Gives attackers partial control over your phone’s functions (calls, texts, settings)
|
|
Risk level
|
Low – more of a prank than a hack
|
Medium-high – real privacy risk
|
High – invasive and dangerous
|
|
Typical situation
|
You get a random “Hi there” message in a café
|
An attacker copies your contacts while you’re on the train
|
Someone uses your phone or other Bluetooth-enabled devices to send messages without you knowing
|
Pro tip: Want a one-step defence? Simply turn off Bluetooth when you don’t need it to cut off all common Bluetooth-based threats.
Key takeaway: while annoying, bluejacking is not necessarily dangerous
Bluejacking is more of a low-risk Bluetooth prank than a real hack, but it can still feel intrusive.
The good news is it’s easy to avoid — simply keep Bluetooth turned off when not in use, or set it to non-discoverable to block unwanted connections.
For extra peace of mind, strengthen your mobile security with reliable cybersecurity tools. These solutions add layers of privacy and protection beyond what your phone settings provide.
Stay private, even in crowded spaces
Increase your safety and data privacy with Surfshark One
Get SurfsharkFAQ
What is the meaning of bluejacking?
Bluejacking is the practice of sending unsolicited messages to nearby Bluetooth-enabled devices by pushing a contact card (vCard) with a short note. It was mostly popular in the early 2000s and is now considered an outdated practice — more of a prank than a real security threat.
What is the difference between bluejacking and bluesnarfing?
Bluejacking only allows someone to send unwanted messages to your device — usually harmless, yet very annoying.
Bluesnarfing, on the other hand, is a serious threat because it can let attackers secretly access and copy information from your device, such as contacts, calendars, or messages.
Is bluejacking possible?
Yes, bluejacking is possible, but only in limited situations. Bluejacking attacks are still possible if a nearby device has Bluetooth turned on and set to discoverable (or if an older phone accepts unsolicited business cards).
It’s far less common today because modern mobile phones and other Bluetooth devices default to non-discoverable. Besides, such devices require pairing or user confirmation, so bluejacking tends to affect older devices or careless settings.
If you’re worried, turn Bluetooth off when not in use or set it to non-discoverable to block it.
How do you spot a bluejacking attack?
You can usually spot a bluejacking attack if your phone suddenly shows a pairing request from unknown devices or a message from a sender you don’t recognize.
These messages often look generic, starting with “Hello” (instead of your name) and may contain spelling mistakes, awkward wording, or even a false sense of urgency.
Sometimes the attacker will try to slip in suspicious links or attachments, or send a flood of short messages all at once to get your attention. If anything feels out of place or unexpected, it’s best to ignore it and decline the Bluetooth connection.
How do you prevent bluejacking attacks?
The most effective prevention is to turn off Bluetooth when you’re not using it. If you need Bluetooth for earbuds or a smartwatch, set your device to non-discoverable mode so strangers can’t see it.
Also, decline any unexpected pairing or message requests, and keep your phone’s software up to date.
