Most people leave their Bluetooth on all the time when they really should only turn it on when they need to. Of course, this is easier said than done, and therefore unlikely to follow. To demonstrate some of the dangers of careless use of Bluetooth, here are five common vulnerabilities that can allow hackers to hijack Bluetooth devices. Common Bluetooth hacks and vulnerabilities:
1. BlueBorn
2. Bluesnarfing
3. Bluejacking
4. Bluetooth spoofing attacks (BIAS)
5. Blue Bugging
1.BlueBorn
The name BlueBorne came from the fact that it can “spread through the air (in the air) and attack devices via Bluetooth” (Armis). When this vulnerability is exploited, hackers can “use Bluetooth connections to infiltrate and take full control of targeted devices” (Armis)
.
What devices are affected by this vulnerability?
• Computers
• Cell phones
• IoT devices
How to prevent BlueBorne attack?
Turn off Bluetooth when not in use Update your device’s system software to make sure it has the latest version
. Don’t use public Wi-Fi and be sure to use a VPN as an added security measure.
2. Bluesnarfing
The Bluesnarfing attack is a type of network attack that occurs when a hacker “connects to your Bluetooth device without your knowledge and steals or compromises your personal data” (Globalsign). This attack occurs without the knowledge of the victim and will only work if Bluetooth is enabled on the device. Bluesnarfing allows hackers to obtain information that could lead to more dangerous cyberattacks.
How to prevent Bluetooth hacking with Bluesnarfing?
• Turn off Bluetooth when not in use Don’t connect to untrusted devices
• Do not store sensitive information on a Bluetooth device
• Use a strong password/PIN
3. Bluejacking
Bluejacking occurs when “one Bluetooth device hijacks another via spam advertising and typically has a range of ten meters or about thirty feet” (AT&T Cybersecurity). This means that the hacker may be in the same room as you. This particular attack does not give attackers access to your device or the information on it, rather it is used to spam users’ devices and annoy. The attack is carried out without the knowledge of the user.
How to prevent bluejacking?
• Turn off Bluetooth when not in use
• Ignore spam messages if you receive them
4. Bluetooth spoofing attacks (BIAS)
Another way for hackers to hack Bluetooth devices is through Bluetooth spoofing attacks. The attackers target “a legacy secure connection authentication procedure during the initial establishment of a secure connection” ( h-isac ). The main advantage of BIAS attacks is that “the Bluetooth standard does not require the mutual use of a legacy authentication procedure during the establishment of a secure connection” ( h-isac ). If the exploit is successful, the hacker can act as an intermediary to intercept sensitive data shared between two connected devices.
How to prevent bias?
The Bluetooth Special Interest Group (SIG) introduced “mutual authentication requirements along with connection type checking to prevent downgrade attacks” (CPO magazine).
5. Blue Bugging
This exploit was developed after hackers realized how easy it was to hack Bluetooth using Bluejacking and BlueSnarfing. BlueBugging uses “Bluetooth to create a backdoor on the victim’s phone or laptop” (AT&T Cybersecurity). An attacker can not only hack Bluetooth devices, but also view all the data on your device.
How to prevent BlueBugging?
• Turn off the Bluetooth feature if you don’t need it
• Do not accept pairing requests from unknown devices When you first connect to a device, do it at home.
• Make sure you always have the latest system software installed.
Bluetooth Safety Tips
Two devices can be paired when they are relatively close, giving hackers an opportunity to intervene.
Here are some safety tips to follow:
- Turn off the Bluetooth function if it is not needed
- Do not accept pairing requests from unknown devices
- Make sure you always have the latest system software installed.
- Make sure your purchased device has the appropriate security features.
Thoughts on preventing Bluetooth hacking
Bluetooth is a popular feature on most devices today, which is why attackers are so interested in hacking these devices. The five hacks described above are just a few of the attack methods that I think are important to discuss, but there are definitely more vulnerabilities.
If you keep a close eye on each hack, the ways to prevent each one are pretty much the same. Bluetooth products are used daily, whether it’s connecting to car speakers or headsets.
Therefore, it is very important to educate people and companies about Bluetooth security in order to prevent such attacks.
When attackers successfully gain access to your device, they have the ability to spy on your communications, manipulate and steal sensitive information. Bluetooth attacks will continue to occur with either existing attacks or zero-day vulnerabilities. People are tethered to their phones and tend to store all sorts of information on them, so do your part to prevent hackers from easily hacking into your Bluetooth device.