Can we rely on Bluetooth to be secure?
Bluetooth is a wireless technology, nearly inescapable by this point. It works like a charm every time you need to pair your device with another. For instance, wireless earbuds might connect to your smartphone and transmit your favorite tunes. In other use cases, Bluetooth is the magic wand connecting your printer or mouse to a computer. However, Bluetooth can be somewhat unreliable and, occasionally, outright dangerous. For instance, perpetrators could intercept the connection between a wireless keyboard and a computer. As a result, the attackers could capture everything you have typed. So, let’s figure out how reliable Bluetooth is, or is it better to stay wired.
What Bluetooth is and how it works
Bluetooth is a technology responsible for exchanging data between nearby devices. Thus, it differs from other radio waves because it does not reach very far, and frequencies change continuously. The average connectivity range is 30 feet (10 meters). However, disturbances or connection failures might occur due to various obstacles like thick walls.
When it comes to switching frequencies, this bouncing uplifts Bluetooth security. The technique applied is frequency hopping spread spectrum, preventing interferences. Thus, devices hop to different frequencies hundreds of times per second to fend off against hacking attacks.
Thus, Bluetooth is the wireless technology for short-range communication between devices. It is mostly reliable, and most pairing poses little to no threat. However, specific scenarios, vulnerabilities, and hacking tactics are capable of sabotaging connections.
Common Bluetooth attacks to know
- Bluejacking. It is an attack when perpetrators exploit a Bluetooth connection to send unsolicited messages from the targets’ devices. The technique might be harmless, and some instances show its use in guerilla marketing. With older smartphones, like Nokia 7650, attackers would send only messages to the other Bluetooth-connected devices. However, modern mobile phones support much more, making it possible to transmit sounds, videos, or images.
- Bluesnarfing. This type of Bluetooth hacking means that someone connects to a device without its owner’s knowledge. As a result, the unknown invader can retrieve any information available on the target machine. It might include anything from pictures and contact lists to text messages.
- Bluebugging. This attack can be much more devastating as it allows a perpetrator to take complete control over a device. There are certain limitations that attackers resolve with the use of directional antennas. Bluebugging attempts to create a bug (backdoor) and take control of the device.
- Location tracking. Hackers can intercept your connection to keep track of your movements. In 2019, researchers from Boston University reported a vulnerability in multiple high-profile Bluetooth devices. Essentially, hackers could retrieve sensitive information, including exact locations and activities.
- BlueBorne attacks. These unsolicited exploits refer to the device takeover through the use of BlueBorne vulnerability. Upon successful attacks, perpetrators can also access corporate networks or spread malware laterally to adjacent devices. In 2018, reports suggested that around two billion devices were still vulnerable to BlueBorne attacks. At that time, the general public had known about the flaw for a year.
- Car whisperer. This technique is different as hackers do not target traditional devices. In this case, they focus on hands-free Bluetooth systems in cars and attempt to connect them to Linux computers. After that, the perpetrators could start talking via the system, which is definitely startling. The recommendation is to change the four-digit security key. Typically, many car owners retain the original one, which might be 1234 or 0000.
Other Bluetooth vulnerabilities
Over the years, there were many flaws related to the compromised security of Bluetooth. Here are some of the notorious examples:
- Key Negotiation (KNOB). This flaw, detected in 2019, allowed attackers to intercept connections and decrypt data. Typically, the raid would force two devices to select a short encryption key before starting to talk. Then, hackers would crack the key and obtain access to all data exchanged by the two targets. For instance, it could have allowed attackers to retrieve all keystrokes made via a wireless keyboard.
- BLESA (Bluetooth Low Energy Spoofing Attack). This security flaw emerged to the public in 2020. It was a rather peculiar vulnerability, unusually targeting the reconnection process. The latter refers to the moment Bluetooth connections get restored after devices have fallen out of range. Thus, BLESA could have allowed perpetrators to connect to devices and transfer spoofed info to them. For IoT devices, the hack could also force them to change their behavior.
- The flaw in Bluetooth Core and Mesh specifications. This vulnerability is rather recent, reported by France’s national cybersecurity agency ANSSI in May of 2021. Essentially, the flaw could allow attackers to impersonate other devices and assist in implementing MitM attacks. For a successful assault, perpetrators need to operate in close proximity to the targets. Once the authentication during pairing is complete, the responder device would connect to the attacker instead of the initiator.
These are only a few flaws haunting Bluetooth devices. In the ideal scenario, developers would release updates, and users would use them. However, the issue of patches is much more complex than you might think. Thousands of devices remain vulnerable and not necessarily through the fault of users. Some developers might not release the necessary updates. Additionally, a portion of devices might be inaccessible and incapable of OTA (over the air) patching.
Tips for safe Bluetooth connections
- Disable Bluetooth when not in use. Minimizing your Bluetooth usage is one way to remain safer. Whenever you do not need to pair your device, make a note to turn it off. At the very least, do this when you are in an unfamiliar environment, such as a coffee shop or a mall.
- Patches are everything. Many Bluetooth vulnerabilities have come and passed. In other words, numerous patches have been released to fix them. Thus, it is your responsibility to apply them.
- Limit app permissions. You should ensure that applications would not be able to turn your device into a Bluetooth peripheral. Thus, always be sure of how different applications can use Bluetooth. For instance, you should set AirDrop to communicate with contacts only.
- Avoid crowded places. The bright side of Bluetooth attacks is that they must occur in close proximity to the targets. Therefore, if you perform confidential tasks, be aware of your surroundings.
- Be Hidden instead of Discoverable. One trick to use is to prevent unknown devices from finding your gadget. You can implement this by setting your Bluetooth in hidden mode.
All in all, Bluetooth is the invisible power that simplifies our lives. However, like any other technology, it is prone to vulnerabilities. You should be aware of the possible attacks and do everything to defend against them.
However, whenever you choose a new device, please make sure that the company releases regular updates. If not, your devices could remain vulnerable, be it to Bluetooth-related bugs or others.
After all, Bluetooth offers dozens of deployment options. Sadly, developers do not have proficiency in each of them. Thus, faulty implementations do happen as well. However, if you follow the tips above, your experience should be seamless and stable.