During an onsite engagement, a penetration tester notices a user's smartphone repeatedly receiving unsolicited Bluetooth business-card pop-ups from an unknown device labeled "FreePrizes." The tester must recommend an immediate, user-level change that will stop further spam while still allowing the phone to stay connected to its headset and watch. Which action is MOST effective?
Configure a randomly generated 16-digit PIN for all future pairings
Enable a user prompt requiring approval for every incoming object push
Leave Bluetooth visible so the attacker receives a connection refusal each time
Disable discoverable/visible mode after legitimate devices are paired
Bluejacking relies on finding nearby devices that have been left in discoverable (visible) mode and then pushing unsolicited objects, typically vCards, to them over OBEX Object Push. Once the legitimate peripherals are paired, switching the phone to non-discoverable (hidden) mode stops it answering inquiry scans, so casual scanners can no longer locate it, while the headset and watch keep reconnecting because they already hold a link key and the phone's address. A complex PIN governs only future pairings and has no effect on the current spam; staying discoverable, even if every connection is refused, still advertises the device to every scan; and prompting the user for each incoming object merely turns every attempt into another pop-up instead of stopping the attempts. One caveat: hidden mode defeats discovery, not targeting. A device that has already recorded the phone's Bluetooth address can still try to connect, so going non-discoverable is a mitigation against scanning, not an access control.
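The same control on a Linux host running BlueZ, as an added example that is not part of the original question: the script reads the output of `bluetoothctl show`, reports whether the adapter is still discoverable or pairable, and, when invoked with `apply`, turns both off. The `bluetoothctl` commands (`show`, `discoverable off`, `pairable off`) are real BlueZ commands; the sample `show` output embedded below is constructed so the checks can run without a Bluetooth adapter, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page: inspect and harden a BlueZ
# adapter so it stops answering inquiry scans (the discovery step that
# bluejacking tools depend on). Assumes bluetoothctl is installed and a
# default adapter is present when invoked as: sh bt_hide.sh apply

# Read `bluetoothctl show` output from stdin and print "visible" if the
# adapter answers inquiry scans, "hidden" otherwise. The anchored pattern
# matches "Discoverable: yes" but not "DiscoverableTimeout: ...".
adapter_visibility() {
    if grep -q '^[[:space:]]*Discoverable: yes' ; then
        echo visible
    else
        echo hidden
    fi
}

# Read `bluetoothctl show` output from stdin and print "pairable" if the
# adapter still accepts new pairing requests, "locked" otherwise.
adapter_pairability() {
    if grep -q '^[[:space:]]*Pairable: yes' ; then
        echo pairable
    else
        echo locked
    fi
}

# Turn off discoverable mode (hides the adapter from scans) and pairable mode
# (refuses new pairings). Already-paired peripherals keep reconnecting because
# they use the stored link key and the known address, not discovery; turn
# pairable back on only while adding a new device. Prints the resulting state.
harden_adapter() {
    bluetoothctl discoverable off >/dev/null
    bluetoothctl pairable off >/dev/null
    state=$(bluetoothctl show)
    printf '%s\n' "$state" | adapter_visibility
    printf '%s\n' "$state" | adapter_pairability
}

# Constructed sample output in the shape `bluetoothctl show` prints, used to
# exercise the checks offline. The MAC address is a placeholder.
SAMPLE_VISIBLE='Controller AA:BB:CC:DD:EE:FF (public)
	Name: phone
	Powered: yes
	Discoverable: yes
	DiscoverableTimeout: 0x000000b4
	Pairable: yes'

SAMPLE_HIDDEN='Controller AA:BB:CC:DD:EE:FF (public)
	Name: phone
	Powered: yes
	Discoverable: no
	DiscoverableTimeout: 0x000000b4
	Pairable: no'

# Only touch a real adapter when explicitly asked.
if [ "${1:-}" = apply ] && command -v bluetoothctl >/dev/null 2>&1; then
    harden_adapter
fi
```

To confirm the change from the tester's side, run `bluetoothctl scan on` on a second host: the hidden adapter should no longer appear in the scan results, while its already-paired headset and watch still reconnect normally.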