Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Bluetooth is a high-speed but very short-range wireless technology for exchanging data between desktop and mobile computers, personal digital assistants (PDAs), and other devices. By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information, such as the user's calendar, contact list, e-mail and text messages, without leaving any evidence of the attack. Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems. Operating in invisible mode protects some devices, but others are vulnerable as long as Bluetooth is enabled.
According to a ZDNet UK article, attackers are exploiting a problem with some implementations of the object exchange (OBEX) protocol, which is commonly used to exchange information between wireless devices. An attacker can synchronize with the victim's device (this is known as pairing) and gain access to any information or service available to the legitimate user. The article claims that bluesnarfing tools are widely available on the Internet, along with information about how to use them.
Adam Laurie, of A.L. Digital, discovered the vulnerability that enables bluesnarfing in November 2003, when he was testing the security of Bluetooth devices. Laurie released a vulnerability disclosure notification about the problem immediately afterward. According to Laurie's bluesnarf-tracking blog, the only way to protect yourself from a bluesnarf attack is to turn off Bluetooth on your mobile device.