Everyone uses Bluetooth. Bluetooth is the technology that allows you to connect and share information with other Bluetooth enabled devices when in close proximity. You can use Bluetooth to listen to your favorite music by connecting your headsets and smartphone or even connect it with your car to enable hands-free driving. Although Bluetooth is convenient, there are consequences of keeping it on all the time. The benefits of turning Bluetooth off when not in use make it worthwhile. So, when should you turn on Bluetooth? Here is why you should be worried about leaving Bluetooth on when not using.
Security concerns
Bluetooth has a myriad of security concerns. If you leave Bluetooth on when not using it, you risk exposing it to vulnerabilities. After using sharing files via Bluetooth, always remember to turn it off. Scientists are always uncovering methods hackers use to breach Bluetooth’s security. Let’s look at some of the techniques hackers use to bypass Bluetooth security.
- BlueBorne Attack
BlueBorne is coined from the terms- Bluetooth and airborne. The virus attacks any Bluetooth device turned on, even if the device isn’t paired to the attacker’s device. The attack spreads through air. The attack virus gets into your device through a series of vulnerabilities. It gives a hacker control over your Bluetooth device. These vulnerabilities aren’t in the Bluetooth standard itself, but in its implementation.
How Severe is The Threat?
Bluetooth is the most widespread short range wireless communication protocol. Through a BlueBorne attack, a hacker can fulfill any malicious activity such as
- Data Theft
- Cyber espionage
- Ransomware attack
It allows hackers to penetrate secure internal networks and thus endanger government agencies and industrial systems. A hacker needs to be within the Bluetooth range (approximately within 33 feet) to pull off a BlueBorne attack. So, turn off Bluetooth when not using it, or near someone you don’t trust. Considering the amount of data these hackers can access, the security threat could be severe.
How BlueBorne Attack Works
First, the attackers identify nearby active Bluetooth connections. They can identify devices even if the discoverable mode is set off. Next, the attackers get the device’s Mac address. Every Bluetooth device has a unique MAC address which identifies it. The attackers then explore the device and find out the operating system the victim is using and exploits it accordingly. Lastly, the hackers exploit vulnerabilities in the Bluetooth protocol and can take full control of the device and do whatever they want.
How To Be Safe
The best way of protecting your device from a BlueBorne attack is to turn off the Bluetooth connection if you are not actively using it. Also ensure that your operating system is always up to date.
- Bluejacking
Bluejacking is also known as Bluehacking. It involves sending of unsolicited messages over a Bluetooth connection within a certain radius.
How it works
Think of Bluejacking as a form of spam. It takes advantage of a loop in Bluetooth security to send messages to other Bluetooth devices. The hacker scans his surrounding searching for Bluetooth devices and then sends unsolicited messages to the detected devices.
How severe is the Threat?
Although Bluejacking is annoying, the threat is not severe because the hacker does not take control of your Bluetooth device. Most of the messages sent are meant for advertisement and marketing. Turn Bluetooth off especially when in busy places such as shopping malls and train stations to avoid Bluejacking.
How to be Safe
To protect your Bluetooth device from Bluejacking, set your device to hidden, invisible or non-discoverable mode. If you are not using Bluetooth, turning it off all together is a good idea.
- Bluesnarfing
Bluesnarfing vulnerability was discovered by researchers in 2003 while testing the security of Bluetooth devices. Bluesnarfing is a device attack that involves theft of information from a wireless device through a Bluetooth connection. This could be information from contact lists, emails, calendars, or text messages. This may go on undiscovered because it happens without the user’s knowledge. You are likely to be a victim o Bluesnarfing attack if you have the habit of using Bluetooth in public places.
How it Works
To attack a device through Bluesnarfing, a hacker needs to exploit vulnerabilities in the object exchange protocol (OBEX) which governs the exchange of information between Bluetooth devices. The attacker must first connect to the OBEX Push Profile (OPP). This does not require authentication. The attacker then connects to an OBEX push target and performs an OBEX GET request for known files. Once, the OBEX protocol has been compromised, the attacker then pairs their system with the targeted victim’s device. If the firmware on your device is not secured, the attacker can access and steal files whose names are known. They can also access any services available to the targeted user.
How Severe is the Threat?
Any kind of information theft is worrying. What makes Bluesnarfing more worrying is that the victim may be completely unaware of the attack when its underway. Besides, there is no foolproof way of protecting your Bluetooth enabled device from this attack.
How to be Safe
Your Bluetooth device will remain susceptible to a Bluesnarfing attack as long as the device is on discoverable mode. Keeping it invisible offers some protection against Bluesnarf attacks. There are also anti-bluesnarfing tools. These tools can help detect any unauthorized Bluetooth connection between connected devices. Such tools can be found on Bluesnarfing resource websites. Here are other steps you can take to avoid being a victim of Bluesnarfing:
- Use a strong Personal Identification Number (PIN) to make it challenging for hackers to crack.
- Use your phone’s security features such as two-factor authentication (2FA). All connection requests will require your approval.
- Do not accept pairing with unknown devices
- Bluebugging
In a BlueBugging attack, the hackers exploit the Bluetooth device to get unauthorized access and manipulate the device to compromise its security. Attackers use BlueBugging to track someone, make calls, send messages or any other illegal activity using the victim’s device.
How it works
The attackers pair with the victim via Bluetooth. The attacker then installs a backdoor on the victims device. The backdoor exploits the security vulnerabilities on the device and gives unauthorized access to the attacker.
How Severe is the Threat?
Blubugging is more severe than Bluejacking and Bluesnarfing because the attacker takes control of your Bluetooth device.
Attackers can use BlueBugging for many nefarious purposes. Here are some of them.
- The attackers can install a backdoor on your mobile device and through it take control of your phone. The attackers can then make phone calls with your device and even eavesdrop on your phone conversations.
- The atackers can steal sensitive information from your device.
- Some location based services use GSM to track customers illegally.
- The attackers can get your contact list and call list and ecploit this information.
- The attackers can even change your mobile device Network Provider Settings.
How to be Safe
A Bluebugging attack can be prevented by:
- Keeping your Bluetooth off when not in use.
- Keeping Bluetooth off when in public places including shopping malls, rain stations, restaurants, etc.
- Keeping the device on hidden, invisible or the non- discoverable mode when using Bluetooth.
How To Safeguard Your Bluetooth Devices From Security Threats
To deal with Bluetooth security issues, consider the following precautions.
- Turn it Off
()Turning off Bluetooth comes first. If you are not using Bluetooth, there is certainly no need to leave it active. Leaving it on makes it more likely for your privacy to be invaded. Most shopping malls and airports now have Bluetooth sensor beacons which scab for Bluetooth MAC addresses and use them to monitor, a device’s journey through an area. Your device’s Wi-Fi interface can also be used to map your movement. It is worth keeping it off as well.
- Update Your Devices
Over the years, numerous Bluetooth security vulnerabilities have been discovered. However, they have been patched through firmware and software updates. Make sure that your phone firmware and laptop operating system are up to date to safeguard your devices against hacks and security threats.
- Limit App Permissions
Some apps such as the music player in iOS can turn your phone into a Bluetooth peripheral. Another similar app is Airdrop. A hacker can send you unsavory images over AirDrop. To deal with this, disable the app or set it to ‘Contacts Only’ mode.
- Keep Your Distance
Bluetooth has a limited range. Most of these attackers are always in the vicinity. Always check your surrounding before sharing sensitive information via Bluetooth.
- Only Pair With Known Devices
Avoid pairing with unrecognized devices. When pairing with another device for the first time. Make sure you do it at your home or in the office and not in a public place. Hackers often target users of public Wi-Fi. So, let it be a rule of thumb o never accept pairing requests when you aren’t sure of the other party’s identity.
Wrap Up
All said and done, it might not be possible to turn Bluetooth off if for example you’re actively using it with some Bluetooth enabled devices such as your car or smartwatch. For this reason, make sure that you are always updating your device. Updating your device could correct some security flaws, including Bluetooth. So, if you are forgetful, setting up a calendar reminder to remind you when to update your Bluetooth devices could be a good idea. However, the best solution is not to leave your Bluetooth on when not using the connection.
