Bluetooth is a wireless technology that enables individuals to be hands-free while connected to their mobile devices for audio, navigation, and more. Bluetooth is enabled on many devices such as mobile phones, laptops, iPads, headphones, etc. which can be an invitation for hackers to compromise this functionality. Most people leave their Bluetooth enabled all the time when they should only really enable it when needed. Of course, this is much easier said than done, and therefore unlikely to be followed. To showcase some of the dangers of careless Bluetooth usage, here are five common vulnerabilities that when exploited can allow hackers to hack Bluetooth devices.
Common Bluetooth Hacks and Vulnerabilities:
- BlueBorne
- Bluesnarfing
- Bluejacking
- Bluetooth Impersonation Attacks (BIAS)
- BlueBugging
1. BlueBorne
The name BlueBorne was derived from the fact that it can “spread through the air (airborne) and attack devices via Bluetooth” (). When this vulnerability has been exploited, hackers can “leverage Bluetooth connections to penetrate and take complete control over targeted devices” ().
Which devices does this vulnerability affect?
- Computers
- Mobile phones
- IoT devices
How to Prevent BlueBorne Attack?
- Turn off Bluetooth when not used
- Update your devices system software to make sure it is on its latest version
- Do not use public Wi-Fi and make sure to use VPN an additional security measure
2. Bluesnarfing
Bluesnarfing attack is a type of network attack that occurs when a hacker “pairs with your Bluetooth device without your knowledge and steals or compromises your personal data” ().
This attack occurs without the victim’s knowledge and will only work when the device has Bluetooth turned on their device. Bluesnarfing allows hackers to take information which could lead to a more harmful cyberattack.
How To Prevent Bluetooth Hacks via Bluesnarfing?
- Turn off Bluetooth when not in use
- Do not pair with untrusted devices
- Do not keep sensitive information on a Bluetooth device
- Use strong password/PIN
3. Bluejacking
Bluejacking happens when “one Bluetooth device hijacks another with spam advertising and usually has a broadcasting range of ten meters or about thirty feet” (). This means that the hacker could possibly be in the same room as you. This specific attack does not give attackers access to your device or the information on it, rather it's used to spam users' devices and to be annoying. The attack is performed without the user’s knowledge.
How To Prevent Bluejacking?
- Turn off Bluetooth when not in use
- Ignore spam messages if you receive them
4. Bluetooth Impersonation Attacks (BIAS)
Another way for bad actors to hack Bluetooth devices is through Bluetooth impersonation attacks. Attackers target the “legacy secure connection authentication procedure during the initial secure connection establishment” (). The primary exploit in BIAS attacks is that the “Bluetooth standard does not require the use of legacy authentication procedure mutually during secure connection establishment” (). If the exploit is successfully executed then the hacker can act as a man-in-the-middle to intercept sensitive data shared between the two connected devices.
How To Prevent BIAS?
The Bluetooth Special Interest Group (SIG) introduced “mutual authentication requirements along with checking for connection types to prevent connection downgrade attacks” ().
5. BlueBugging
This exploit was developed after hackers realized how easy Bluejacking and BlueSnarfing bluetooth hacks could be conducted. BlueBugging uses “Bluetooth to establish a backdoor on a victim’s phone or laptop” (). Not only can the attacker hack Bluetooth devices, but they can also view all data on your device.
How To Prevent BlueBugging?
- Turn off Bluetooth function when it is not needed
- Do not accept pair requests from unknown devices
- When you are pairing with a device for the first time, do it at home
- Make sure you always have the latest system software
Bluetooth Safety Tips
Two devices can be paired when they are relatively close in distance which gives hackers the opportunity to intervene. These are a few safety tips that individuals should follow:
- Turn off Bluetooth function when it is not needed
- Do not accept pair requests from unknown devices
- Make sure you always have the latest system software
- Ensure that your purchased device has adequate security features
Final Thoughts on Preventing Bluetooth Hacks
Bluetooth is a popular functionality on most devices today which is a reason why attackers are so interested in hacking these devices. The five hacks that were discussed above were only a few attack methods that I found important to discuss, but there are definitely more vulnerabilities that exist. If you pay close attention to each hack, the ways to prevent each one are almost all the same. Bluetooth products are used on a daily basis whether it is to connect to the speakers in your car or your headsets. Therefore, it is very important to educate individuals and companies about Bluetooth safety to prevent such attacks from occurring. When attackers successfully gain access to your device they have the capability to spy on your communications, manipulate and steal sensitive information. Bluetooth attacks will continue to occur either with existing attacks or from zero-day vulnerabilities. People are addicted to their phones and tend to keep all kinds of information on there, so do your part to make sure that attackers cannot easily hack your Bluetooth device.