How Secure Is Bluetooth? – Should You Be Afraid Of Public Bluetooth Connections?

Modern communication methods mean that we are exposed to more ways of our privacy being compromised. When only landline phones were used as a method of communication, to listen in, one would have to literally intercept the wiring of one’s apartment or be extremely close, so much so that it would be outright dangerous.

In today’s world of wireless communication, from simple internet browsing where most of our browsing data is being tracked, to direct communication between devices, like Bluetooth, our safety is not as rigid as it used to be.

Bluetooth is a very popular method of communication between devices, smartphones, PCs, laptops and peripherals like keyboards, as well as cars. But just how secure is bluetooth?

What Exactly is Bluetooth?

Bluetooth, named after a 10th century Danish king, Harold Bluetooth, is a communication standard for exchanging data between mobile and fixed devices. Bluetooth uses the industrial, science and medicine part of the radio spectrum, namely frequencies from 2.402 GHz to 2.480 GHz.

Bluetooth Legacy Pairing, meaning devices using Bluetooth 2.0 or older, uses a PIN as a method for users to verify the two device’s secure connection. This method proved to be exploitable, mostly due to the negligence of the users.

Bluetooth devices 2.1 and above use Secure Simple Pairing, a variant of public key cryptography, and has 4 types of handshaking. Devices need to electronically handshake and pair in order for data to be transmitted between them.

While the second method is more secure and every Bluetooth specification has security updates, exploits and hacks are possible, but they have varying degrees of impact.

How to Secure Bluetooth Devices from Hacks – Which Hacks Should Worry You

Bluetooth devices have been exploited multiple times, the first one being in a period between 2001 and 2003. The first method of hacking a Bluetooth device is called Bluejacking and it is mostly harmless.

Bluejacking

The story of Bluejacking dates back to between 2001 and 2003, when an IT consultant hacked a Nokia 7650 phone in a Malaysian bank. The name is an amalgam of Bluetooth and the consultant’s name on the Sony Ericsson forum, which was ajack. It is worth noting that jacking is a common and interchangeable name for hijacking, so it could have multiple meanings.

Bluejacking is used to send messages, first text messages and today, pictures, sound or video messages, to hacked devices. Since no data is extracted, this method of hacking is used to advertise hacking skills, or simply force advertisements on hacked devices.

The primary goal of the first Bluejack was to transfer Sony Ericsson advertisements to another phone.

Bluesnarfing

Bluesnarfing, often mistaken for Bluejacking, is a much more malicious hack. Bluesnarfing allows access to personal information such as the list of contacts, messages, media files, as well as emails. Both the two mentioned methods hijack the Bluetooth connection without the user knowing.

Most devices with the feature “discoverable” can be susceptible to Bluesnarfing, but only if the software is not up to date with the latest security features.

One of the reasons for this is because when set to discoverable, devices basically broadcast their MAC (media access control address), which is hidden when this feature is turned off. This feature exists for the sake of user-friendliness and most consumers have it on whenever they turn on Bluetooth.

Bluebugging

Similar to Bluesnarfing, Bluebugging is another method of hacking a user’s device, usually a phone or other device capable of making calls and having a Bluetooth connection.

The device is hacked often by another device pretending to be a set of Bluetooth headphones, whereupon the fake headphones would get access to calls, contacts, messages, as well as the ability to call someone and listen in (hence the term, bugging).

Having a secure Bluetooth headset, meaning one with the latest specification of Bluetooth, is recommended, but also turning off your “discoverable” feature when in public Simply switching to wired headphones in crowded places will remove any possibility of Bluebugging.

Safety When Using Bluetooth

Security while using wireless connections has been a concern of many people, both consumers and professionals in the communication industry. From an actual technical standpoint, hacking a Bluetooth device is really difficult under normal circumstances, which implies that the device is relatively recent and using Bluetooth 4.0 and newer.

The easiest answer to the question of how to secure Bluetooth connections is to not use Bluetooth at all. This is inconvenient for most users, but take note that wireless keyboards and mice, for example, should not be an issue. Other than turning off your Bluetooth completely, there are a couple more steps one could take to be safer.

Update the Software of the Bluetooth Device

Checking for software updates should be a regular habit, especially security updates. If your device does not offer a general update for Bluetooth connections, then check with the manufacturer of the adapter. Desktop PCs and laptops, as well, use Bluetooth and Wi-Fi adapters. For desktops, motherboard manufacturers will offer relevant Bluetooth updates, while for laptops, one should turn to the laptop manufacturer (Dell, Lenovo, HP).

Do not Download Software from Unsafe Sites

This goes without saying, but not all malware will be as straightforward as giving someone access to your data. Some malware will enable Bluetooth hacks, or make them easier. Unsafe sites should be avoided.

Various antiviruses have site ratings, in terms of their quality of safety towards the user.

Avoid Bluetooth in Very Crowded Places

Bluetooth connections should be avoided in very crowded places, especially with “discoverable” turned on. In order for a Bluetooth hack to happen, the hacker would need to be relatively close.

Conclusion – Bluetooth is Safe in Most Circumstances

Bluejacking, Bluesnarfing and Bluebugging are the most common Bluetooth hacks, targeting vulnerabilities in the software and connection. Newer devices should be safe under reasonable use cases, especially if the user takes care of their online safety, in general.

Devices with older specifications like 2.0 and lower, should not be used in risky situations if any valuable and relevant data is stored on them, including synced accounts.

About The Author

Milan Zagorac

Milan has always been interested in writing and technology, but managed to pick up a love for music, literature and sports along the way. Essentially a jack of all trades, his interest in all things tech as well as love for the written word, keeps him well occupied.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments