Bluetooth has become a colossal part of our lives since its inception. It was invented in 1994, the same year that the “world wide web” was born (this refers to actual web pages and not just the general internet). Bluetooth has made phone calls easier, inspired a whole suite of headsets and headphones, and allowed those of us who still enjoy old, classic cars to play music from our phones without the need for an auxiliary cable. It has even influenced some laugh-out-loud, tear-jerking comedy from YouTuber EdBassmaster. As if that isn’t significant enough, just two months ago, the Associated Press reported a story about how “a man paralyzed by a cycling accident can walk again after an experimental operation by neuroscientists and surgeons in Switzerland.”
Like countless others, you might be using Bluetooth right now, in a variety of capacities: maybe you have your wireless earbuds in, or you’re tapping away on your wireless keyboard. Maybe you have a Bluetooth security camera outside your office or home. All of these “wireless” devices connect to each other and the network using Bluetooth.
It’s a great technological advancement that provides easy access, convenience, and a sleek appearance without that crazy wiring mess, but despite these benefits, Bluetooth might pose some serious security vulnerabilities. With the rise of cyber interceptions and attacks, we’re forced to question whether or not Bluetooth is safe. Just how much should we be thinking about Bluetooth security? Hackers are only getting more creative, so limiting these threats should be one of our top priorities. But first, let’s understand exactly what risks Bluetooth might pose.
How does Bluetooth work?
Bluetooth uses ultra-high frequency (UHF) radio waves to allow for wireless communication between two different devices. They work at about 2.4 GHz (gigahertz, or billion waves per second) to quickly communicate and “speak” to one another. With this method, users can easily transfer files or data from one device to another via Bluetooth, rather than through the Internet.
We use Bluetooth for a variety of things like:
You can connect your smartphone to wireless devices, like headphones, a speaker, your car stereo system, or even your PC. Maybe you connect your computer to your wireless keyboard and/or wireless mouse. Even your television remote uses Bluetooth to connect to the TV. There are so many different technologies we’re able to connect with the help of Bluetooth.
Users can share documents, files, attachments, photos, videos, and more!
In order to use a mobile hotspot, you might need to use Bluetooth to connect.
Security Monitoring and Recording
Bluetooth security cameras and other security devices fall under this category; you might have one of them at your home.
“Smart” devices, such as Amazon Echo (featuring the classic Alexa), Google Home and many other smart home devices, connect using Bluetooth.
Bluetooth is great for speedy communications and easy transfers of data because it works so quickly and conveniently. So then, what’s the issue with Bluetooth, and why are we even questioning it in the first place?
So, What’s the Problem? About Bluetooth Vulnerabilities
In simple terms, a Bluetooth security vulnerability is any possible risk where someone can intercept, modify, or read information that is wirelessly shared or communicated between two devices via Bluetooth. Since so many people use Bluetooth, cyber attackers are no strangers to finding the weaknesses within these systems to take advantage of the technology, or in their case, to leverage it. Some common vulnerabilities include bluesnarfing, bluesmacking, bluejacking, bluebugging, eavesdropping, car whispering, and good ol’ location tracking. That’s a lot of blues!
With bluesnarfing, hackers can access a wireless device using a Bluetooth connection. Once they get into your device, attackers will gain access to your text messages, email, photos, and whatever else is on your cell phone. This sort of attack can lead to identity fraud. How do hackers do it? Well, they first scan for nearby Bluetooth devices, find a potential target, and then try to pair with the victim. It’s easy for outside interceptors to pair with a device that doesn’t have a PIN code or some sort of security access measure. Once they find a target void of a PIN, they can pair with that device and start to access all the data. Additionally the attacker might go after phone numbers and reroute calls and messages to another number, which many victims won’t even notice.
Another attack hackers can use on Bluetooth devices is known as bluesmacking, which is essentially a Denial of Service (DoS) attack. In a DoS attack, hackers try to shut down a network or device to make it impossible for the owner/user to access anything on said machine. Cyberattackers accomplish that by creating overflow for the victim in hopes of triggering a crash; now, the machine can be operated by the attacker. They can easily do so by using tools like l2ping, which comes with Linux, to specify a tremendously large packet length. This can then overwhelm the system with a bunch of requests, creating a DoS attack on the Bluetooth-enabled device and impacting its usability for a period of time. DoS attacks in general aren’t as destructive as a typical cyber attack, and by just rebooting your device, you can likely recover quickly. However, hackers might also use bluesmacking as a gateway to more malicious attacks, which can create tremendous concern.
Believe it or not, Bluetooth devices also have the power to “phish” for their next victim. With bluejacking, devices can send spam and phishing mail to lure users into clicking on bad links and attachments. Some of these messages might just be annoying, but others could actually be malicious and infect your device with malware or a virus. This is yet another example of phishing and social engineering causing a vulnerability within a system – it’s definitely something that everyone should understand and look out for.
Another Bluetooth vulnerability is known as “bluebugging,” where hackers simply target and access a device without the user’s knowledge. If they do this to a phone, for example, they can now make use of the device to make calls, send messages, and gain access to whatever’s stored on the cell phone – which is probably a lot. Many users put a lot of personal information in their mobile devices, which creates a huge security risk to begin with.
In the case of eavesdropping, unauthorized individuals will try to access and monitor communications made via Bluetooth. They do so with special hardware and software tools. With access to conversations, they can easily gather sensitive information like personal data, credit card numbers, banking accounts, and more, and then exploit that information.
Car whispering is a huge concern for car owners, especially those who use Bluetooth to listen to music and make/receive phone calls. Hackers might use this tactic to listen to and intercept calls made over Bluetooth in the car.
A study done at The Ohio State University back in November 2022 found a glitch in many Bluetooth devices that can make it easy for attackers to track a user’s location. Postdoctoral university researcher, Yue Zhang, and advisor, Zhiqiang Lin, discovered threats in over 50 Bluetooth devices on the market. Here are some of the findings from the study:
Bluetooth vulnerabilities are very real, as indicated by the BrakTooth vulnerabilities found back in 2021. This family of security vulnerabilities included some of the above-mentioned threats, like bluesmacking using firmware crashes and deadlocks. Experts discovered 16 new security vulnerabilities in total and 25 common vulnerability exposures (CVEs). The researchers include a nice Attack Scenario Overview, describing how the attack plays out:
All an attacker needs is a cheap development kit with non-compliant LMP firmware and a PC to run a proof-of-concept (PoC) tool. They can then launch an attack. The PoC tool logs over-the-air packets to analyze device health or gets the status directly. The researchers released some of the affected Bluetooth (BT) BR/EDR chipsets:
Some impacts of BrakTooth include arbitrary code execution in IoT devices, DoS attacks (bluesmacking) in laptops and smartphones, and freezing audio products. The researchers comment that with the use of Bluetooth on these devices, updates are important to protect against vulnerabilities.
To learn more, we recommend that you review BRAKTOOTH: Causing Havoc on Bluetooth Link Manager for extensive documentation of the research and the technicalities behind it.
Introducing BLE: Bluetooth Low Energy
Bluetooth version 4.0 – known as Bluetooth Low Energy or BLE – was released back in 2011, over 10 years ago. It’s a wireless, low-powered Personal Area Network (PAN) that works to connect devices over a relatively short range. BLE integrates well with the Internet of Things (IoT), as it was actually created with IoT in mind. This type of Bluetooth consumes low energy, as its name suggests, and goes into sleep mode when not in use to conserve power.
Understanding Bluetooth vs. Bluetooth Low Energy
Though these two sound almost identical, Bluetooth and BLE have some key features that distinguish them from one another. Bluetooth is a wireless technology that we can use to transfer files, photos, attachments, videos, and more from our cell phones. Bluetooth operates using radio waves to communicate with compatible devices. Since it’s wireless, it doesn’t need a physical connection to other devices and can even operate without a router or a modem. Normal Bluetooth operates in the 2.4 GHz (gigahertz) band, and connections can range up to 164 feet between devices.
BLE requires less energy than standard Bluetooth. It uses the same band and the same speeds. BLE has a “sleep” mode when not in use to save energy, something that Bluetooth lacks. These two technologies are utilized for different purposes. Bluetooth handles a lot more data than BLE, whereas we use BLE for communications like IoT, which don’t need as much information processing.
We Use BLE Almost Every Day
So many devices nowadays support BLE, including mobile smartphones, cars with keyless entry and/or Bluetooth compatibility, fitness trackers/smart watches, speakers, IoT devices, and so much more. It’s great because it doesn’t require much power and is very compatible with technologies we use on the day-to-day, like our cell phones.
BLE Vulnerabilities Can Become the Key
Researchers from NCC Group recently found that BLE vulnerabilities can be exploited when attackers try to use BLE for reasons other than why it was originally designed. NCC Group developed a tool that does the following:
Essentially, the cybersecurity researchers describe hackers using cheap off-the-shelf hardware to crack the poor authentication methods of certain BLE systems. The most commonly targeted devices include cars with automotive keyless entry, laptops, mobile phones, smart locks for homes, control systems, and medical patient tracking. All hackers need is 10 seconds, and they can easily exploit these sorts of devices, even cars like the Tesla Model 3 (which was tested by the company itself). The company also says that the Tesla Model Y is likely vulnerable, and that their tests worked with the Kwikset and Weiser Kevo smart locks as well, alerting customers about these possible threats.
This vulnerability is different from other types of threats. Typically, updates will improve on bug fixes and missed threats within a system. But in this case, a firmware update won’t really solve the problem: it’s an exploitation of the device’s design, rather than a hack in the system. That’s what makes this BLE vulnerability especially dangerous.
To prevent this BLE vulnerability, the researchers state: “Manufacturers can reduce risk by disabling proximity key functionality when the user’s phone or key fob has been stationary for a while (based on the accelerometer). System makers should give customers the option of providing a second factor for authentication, or user presence attestation (e.g., tap an unlock button in an app on the phone).”
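A sketch of the mitigation quoted above, as an added example that is not NCC Group's or any manufacturer's code: proximity unlock is refused while the key device has been at rest, and an explicit tap restores it. The function names, the 60-second window, the 0.05 g threshold and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed values for illustration; a real product would tune these.
STATIONARY_WINDOW_S = 60.0   # how long without movement counts as "a while"
MOTION_THRESHOLD_G = 0.05    # per-axis swing (in g) that counts as movement


@dataclass(frozen=True)
class AccelSample:
    t: float  # seconds since an arbitrary epoch
    x: float  # acceleration in g
    y: float
    z: float


def is_stationary(samples, now):
    """True if no axis moved more than the threshold during the window."""
    recent = [s for s in samples if now - STATIONARY_WINDOW_S <= s.t <= now]
    if len(recent) < 2:
        return True  # fail closed: no evidence of movement
    for axis in ("x", "y", "z"):
        values = [getattr(s, axis) for s in recent]
        if max(values) - min(values) > MOTION_THRESHOLD_G:
            return False
    return True


def unlock_decision(key_in_range, samples, now, user_tapped=False):
    """Return 'deny', 'unlock' or 'require_tap' for one unlock attempt."""
    if not key_in_range:
        return "deny"
    if user_tapped:
        return "unlock"  # explicit user presence attestation
    if is_stationary(samples, now):
        return "require_tap"  # proximity unlock disabled while the key is at rest
    return "unlock"


# Constructed sample data: a phone lying on a table, and one carried while walking.
ON_TABLE = [AccelSample(float(t), 0.0, 0.0, 1.0 + 0.001 * (t % 2)) for t in range(120)]
WALKING = [AccelSample(float(t), 0.2 * (t % 3 - 1), 0.1 * (t % 2), 1.0) for t in range(120)]
```

A phone resting on a nightstand yields `require_tap` even though the lock sees it "in range", which is the situation the researchers' recommendation is meant to cover.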
Bluetooth Security Tips | How To Reduce Bluetooth Vulnerability
Think about just how many devices and services involve the use of Bluetooth technologies. Now it’s almost the standard to have a pair of wireless headphones and a wireless speaker for your cell phone. Even when purchasing a new PC, your keyboard and mouse will most likely be wireless – that means it also uses a Bluetooth connection. Take some steps to make Bluetooth a safer experience.
#1 Turn Off Bluetooth When Not in Use
This way, hackers won’t be able to intercept at any random moment. If you keep it on at all times, that increases the possibility of an attacker trying to get into your device/network.
#2 Always Update Your Devices, Apps & Install Security Patches
Updates usually fix bugs and protect against risks that software might face. Hackers often exploit older versions of software because they know they are vulnerable.
#3 Use Antivirus on Your Phone
This way, you can know if your device is impacted by some sort of malware or attack. We recommend TrendMicro.
#4 Don’t Share Confidential Information via Bluetooth
Since there’s a possibility of interception, play it safe and don’t send anything too sensitive.
#5 Make Sure You Only Pair With Trusted Devices
Know who/what you are connecting with, and don’t accept any pair requests if you don’t recognize the device or owner.
#6 Avoid Pairing in Public
This is where people can most easily intercept, since there’s just such an abundance of people.
#7 Remember to Unpair From Bluetooth
If a device is missing or stolen, immediately remove it from the list of paired devices. You never know whose hands the device is in and what they can do because you are still technically connected to it.
#8 Have Good PIN Protection
PIN protection can make a world of difference for login security and prevent data breaches. Don’t believe us? Be willing to let us prove you wrong; it’s only for your benefit anyway. The more you learn, the more you know, the better off you’ll be.
Bluetooth and Your Business
Maybe your business already has Bluetooth devices, like a security camera outside of the office or a wireless KBM (keyboard and mouse). Perhaps you use your mobile device to check up on work emails or quickly respond using your work account. You’ve probably also connected your phone to your wireless headphones, a speaker, or your car without even thinking that it has any sort of connection to your job. So what does this all mean for your business? Should you cut out Bluetooth entirely given the vulnerabilities, or can you continue to use it?
The decision is ultimately yours, but here is what we suggest if you’re not ready to let it go. If you choose to use Bluetooth devices, take the right measures to maximize your safety and reduce Bluetooth vulnerabilities within your organization. It’s best to keep things like your keyboard and mouse on a wire (aka cabled), since it’s less likely for hackers to intercept communications over a hardwired device. Also consider the actual practicality of your Bluetooth use. Apart from having one less tiny thing to dust (like the cable that’s probably coated in easy-to-wipe plastic anyway), how often do your keyboard and mouse ever leave your desk? Most likely never! When using mobile devices, be careful with what you’re accessing from work and what you’re connecting to via Bluetooth. In some cases, interceptors might use social engineering to hack into systems. Always exercise caution, remain skeptical, and recognize the difference between spam or phishing and legitimate messages or prompts. Your business will always benefit from well-educated cybersecurity practices and cybersecurity awareness training.