I'm using Windows and only asking here because Google says it's a Linux thing, but my question is what is a Bluez and why was it trying to connect to my computer at 5AM this morning?
@JokeDeity Seeing a device called "Bluez" trying to connect to your computer (in some undefined way) doesn't necessarily mean it has anything to do with bluez.
I mean, sure, I really don't know.
It's the name of "Bluetooth" program on Linux. Used to control Bluetooth adapters and chips.
what is a Bluez Linux bluetooth protocol stack
why was it trying to connect to my computer
Maybe you have some linux devices like IoT that are connecting to your computer via bluetooth
Maybe. Nothing new has been added at my home, I only noticed it as I was leaving for work and since it weirded me out because it just kept trying to connect every time I denied it access I disabled my Bluetooth and left, it's not trying to connect now that I'm back home and have enabled my Bluetooth. The only thing I have connected recently is my PS5 controller and it's showing up correctly.
There's not really enough information here to go on. A quick search comes back saying bluez is a Bluetooth protocol implementation.
Are you seeing a device trying to connect to Bluetooth on your Windows machine? Is it a device on the internet trying to connect to your machine?
Can you post the logs that you're seeing please?
I disabled my Bluetooth as I saw it leaving for work, of anyone knows how I can pull up a log for this on Windows that would maybe help me figure out what it was.
How did you see it in the first place? I'm trying to help you get to the bottom of it but without answering the appropriate questions or providing a way for us to analyse it it's going to be extremely difficult unless someone comes along who knows more. Anyway best of luck ans hopefully you find out.
It was popping up in the windows 10 notifications and then the Bluetooth settings app showed it as well, beyond that I'm not sure what to clarify.
Well that is the question I intentionally asked in my 1st comment so yeah that's a good start :P
Considering that it definitely is a Bluetooth device that means it has to be relatively close to your computer. Unless you live in an apartment building and are in range of Bluetooth devices not in your household you should be considering the electronic devices around you.
Do you have any "smart" devices like a baby monitor, a home camera system, vacuum, air purifier or any such thing that has Bluetooth?
Because you are saying that there's no new devices that you can think of, and it does seem suspicious, my thought goes towards a device that is connected to the internet and has potentially been hacked and is now misbehaving. It may not be the case but best to err on the side of caution and you did the right thing by not accepting the connection.
I definitely have some bt devices around the house, but I'm pretty sure they're accounted for in the list of previous connected devices and if it wasn't something I have connected before it seems odd it would be trying to connect out of the blue, and my fiance was sleeping so I know no one in the house was using anything like that. There are some sketchy business on the other side of our back fence, but it's probably JUST close enough for a Bluetooth device to connect to my PC and when I went outside the front shortly after there was no one around (again, 5AM so most people are sleeping). The whole thing was just weird because I haven't had something like this happen in the years of having my PC constantly on in this house and every time I clicked deny access it popped back up, possibly because it was just sending a connect signal and not listening for a denial, but that's merely guessing because I don't have much knowledge on this.
Curious kids, tinkerers and business customers are all other options. Someone might have an app that spams connections to annoy neighbors, someone might be testing their new program/script they wrote, someone might have malware that replicates via bluetooth connections, and yes, someone might be trying to hack into every nearby bluetooth devices. Update your network hardware (modem/routers/wifi APs), don't accept unknown connections, and you should be as safe as can be expected (unless you're sysadmin levels of proficient). If the annoyance gets to be too much, just disable bluetooth when you're not using it (or make it undiscoverable so your devices can stay connected)
This does sound very unusual that it would try to connect, so I wanted to add more context about how bluetooth works, which might help figure out where to look next or if you should look into it at all
In bluetooth there is the idea of a central device and peripheral device. Peripheral devices advertise of their existence in hopes that a central device establishes a connection. The central device always has the final say. For example, a phone (central device) connecting to bluetooth headphones (peripheral device).
Your computer should really only act as a central device. So you get to choose which devices are allowed to connect … but there are two exceptions:
- a device can auto-connect to a previously paired device. Maybe you accidentally paired with the Linux device, or thought it was another device. You can unpair / forget the device if you did.
- special software which auto-connects to devices. For example the nintendo switch auto-connects to controllers when the "change grip/order" menu is open. I think this would be very unusual, even for malware.
Technically, the bluetooth spec does allow bluetooth devices to be a central and peripheral at the same time. In theory if Windows is advertising itself as a peripheral, then the Linux device could connect as a central. The issue is, I don't know if or when Windows is sending these bluetooth advertising packets. Maybe when bluetooth settings are open or if you have a wifi hotspot enabled?
Also, not all devices support running both modes at the same time, so you can rule it out if the device can't be a peripheral. According to this guide, this is how you check that: https://www.howto-connect.com/see-if-windows-10-pc-supports-bluetooth-low-energy-peripheral-role/
If it just appeared in the connectable device list, then there is nothing to worry about really, bluetooth has some range to it, and it could just be a neighbor's device.
Great point that I hadn't even considered, why was it initiating the connection? That actually just made me all the more confused and paranoid about the whole thing. I use a Bluetooth dongle, but I figured it was acting as a central device as expected.
I think i'm still confused on how you came to know the device was trying to connect to you :D Was there a Windows notification? Did it ask you to enter or confirm a code? Were you using bluetooth in general at the time?
I guess my main proposal is that central device can't begin to initiate to another central device. In the discovery phase, a central device is like an ear, and a peripheral device is like a mouth. Ears can't speak to other ears, and mouths can't listen to other mouths. Mouths don't know if ears are even there to listen, only the ears can initiate a connection.
In most cases Windows is like an ear. Neither a central nor peripheral can initiate a connection to you. Only you can initiate a connection to some other peripheral.
However Windows can act like a mouth under specific circumstances, specifically I found that you can use your computer as a hotspot and share over bluetooth. Sharing over bluetooth means Windows opens its bluetooth mouth to tell anyone willing to listen that it is connectable. So if you were doing something bluetooth related at the time it could have allowed a foreign (central) device to initiate a connection
It's funny, everyone keeps asking the same things so I have to keep typing the same information in this thread. 😅
It came up as a Windows notification center popup in the bottom right corner of the screen saying it was trying to connect or something like that, but when I clicked on it, it came up with a different window offering me yes or no, I clicked no, then it came up in the bottom right corner again starting the loop over, I clicked no several times before opening the connected devices app and disabling Bluetooth completely. This all happened in about 60 seconds as I saw it when grabbing my keys to leave for work at 5am, no one else was awake and I wasn't interacting with ANY devices or my computer at all beforehand.
Sorry 😅 I probably could have taken a closer look at other comments, but in any case this paints a nice picture for me, thank you :)
Edit: Actually I decided to boot into Windows and test this a little myself, and turns out when bluetooth is on it is discoverable (Windows is a peripheral, the BlueZ device is a central wanting to connect). When i connected from my phone to my computer, It seemed more accurate to what you described too. If you dont use bluetooth disable it, or make your device not discoverable. 😅
It does help to know it was a notification and to know what was in it. I was able to find an image which looked similar and led me to find a Windows feature called Swift Pair. It lets you connect to a bluetooth device via notification, rather than in the settings. You can try disabling Swift Pair if it is enabled.
Here is my conclusion:
As others said, BlueZ is essentially the program that allows bluetooth to run on Linux. The name alone doesn't tell you if the person behind has malicious intent.
It's possible that somebody was making a swift pair compatible device using Linux. Maybe they thought 5AM was early enough that the swift pair notification would only show up on their computer since they wouldn't be able to prevent other people from seeing it otherwise 🤷
It could also just be some device rebroadcasting itself on a clock. I'm not sure why or what you would do with this other than to annoy people?
If you especially don't trust your neighbors and want to imagine a worst case scenario, it could be spoofing something like a bluetooth keyboard, rebroadcasting until someone connects, and runs a series of shortcuts / commands to infect your computer to replicate the virus further. ((Issue is, it doesn't make sense they'd develop on Linux with BlueZ even though the virus could only propagate on Windows. Kinda fun to think about regardless though))
I hope that answers your question :)
I'll still never probably fully know what happened, but that was a great reply and I appreciate all your help. Luckily my direct neighbors on both sides are old AF and I trust them to not be doing anything like this because they wouldn't even know what any of it means, but the sketchy businesses behind us that include a liquor store, vape shop and sex shop among others I can't say I trust as much. I'm glad Windows was kind enough to ask instead of just connecting. 😂
It very well could be a neighbor with a Linux computer. As others have said, bluez is the name of a Linux Bluetooth controller. Bluetooth can have surprising range, and if you're in an apartment, that'd be my first guess. It could be just a passive scan for devices the OS is doing.
A large number of smart devices run Linux. A second guess is, have you acquired any devices recently with WiFi? I have a wireless camera that I know is running Linux.
50-60% of my initial attempts at connecting to something via bluetooth is my accidentally selecting the wrong device. I'd say maybe you're one of my neighbors but I definitely wasn't up at 5am.
Is it updog?