Used to pair mobile devices with speakers, ear buds, printers, and even the fridge, Bluetooth has provided us with the height of connectivity and convenience. Without it we’d still be connected by wires to everything in our home, office, or public space. Since Bluetooth is designed to be a “personal area network", devices that are more than a few feet away should not be accessible via Bluetooth. However, hackers have been known to use directional, high-gain antennas to communicate over much greater distances. By exploiting these vulnerabilities, attackers can gain access to your information and eavesdrop on your conversations while talking on the phone and to the people around you. The device becomes, in effect, a mobile bugging device transmitting everything it hears to an attacker.
Bluetooth is a wireless communication protocol that was designed in 1998 by Swedish company, Ericsson, to replace the cables used for carrying audio and exchanging data between devices or computers within a limited range using short-wavelength UHF radio waves. Initially, Bluetooth was not designed to transmit information securely, but rather to connect devices together without wires when they were in close proximity with each other.
There are various risks that come with using Bluetooth; the main risk is that the information transmitted over the air can be intercepted by any other bluetooth-enabled device in range, including devices with malicious intent.
Bluetooth encryption is supposed to stop criminals listening in on phone calls or accessing your data. However, older Bluetooth devices that use outdated versions of the Bluetooth protocol will likely face the threat of unpatched security holes. First ensure that you no longer use a device with Bluetooth 1.x, 2.0, or 4.0-LE and ensure devices use the latest versions and protocols.
The most common types of Bluetooth security risks to be aware of include the following:
A BlueSmack attack is an example of a Denial of Service (DOS) attack against a Bluetooth-enabled device. A DOS attack is when a target such as a server or device gets overloaded with more data packets or oversized data packets than it’s designed to handle. The target becomes overwhelmed, so it shuts down. You can usually recover from an attack simply by rebooting your device, but attackers could use this as a distraction while running a more destructive cyber attack.
BlueJacking is when one Bluetooth device hijacks another with spam advertising. Bluetooth usually has a broadcasting range of approximately thirty feet, so your BlueJack attacker would need to be nearby. Or an attacker could leave a BlueJacking device in a high-traffic area, such as a shopping mall or airport, that targets Bluetooth-enabled phones as they pass by. Once that device is discovered, attackers launch a phishing attack in the hopes of tricking a recipient into clicking on a hyperlink that takes them to a website containing malware or a website that steals sensitive information.
While a BlueJack attack sends data to a device, a BlueSnarf attack can actually steal data from a device such as text messages, emails, contacts, photos, and the unique identifying information that your device uses. This is extremely dangerous as an attacker could receive enough information from your device to conduct more harmful cyber attacks.
BlueBugging takes a BlueSnarf attack even further. BlueBugging uses Bluetooth to establish a backdoor to gain access to sensitive information and to take over control of a victim's device. This can give a malicious party the ability to spy on your activity and make calls, send texts, and appear as the victim.
The most important and easiest tip is simply to turn your Bluetooth off when you're not using it. Only leave your Bluetooth in 'discoverable' mode when you are actively pairing a new peripheral to your device. When you always use the same earbuds or whichever peripheral, you don’t need to have discoverable mode enabled because your device will already know the peripheral’s unique identifying code.
Also try to avoid transferring sensitive information using Bluetooth. If you have to send information such as passwords or documents that have financial or personal information from one device to another (phone to laptop), ensure they are encrypted.
Turning your Bluetooth function off is a small but effective way to maintain your privacy while enjoying the freedom of wireless connectivity. And, as an added bonus, it will also help preserve your battery life.