Bluetooth technology, which has been around since 1989, has experienced explosive growth in use over the past decade due to the combination of lower-priced hardware hitting the market and innovations in power consumption and range, thanks to products like Apple’s AirPods. Legislation in many states restricting use of cell phones while driving — including here in Massachusetts very soon — means that Bluetooth has become the de facto standard to listen to and communicate through cell phones.
However, there is one facet of Bluetooth technology that has not experienced much innovation over the years: its security.
A Little History
Bluetooth technology was originally created by Swedish engineers at Ericsson Mobile as a means to serve as a short-link radio for wireless headsets. Ten years later when cell phone sales were starting to take off, their engineers began looking at Bluetooth technology for other purposes.
Around this time IBM reached out to Ericsson with the idea of using their Bluetooth technology to create a wireless link between a cell phone and a laptop for the purpose of sharing a cellular connection. In 2001 the first Bluetooth-enabled phone hit store shelves, the Ericsson T39, in conjunction with IBM's first Bluetooth-enabled laptop, the ThinkPad A30.
The Scary Stuff
At its most basic definition, Bluetooth is used to allow proximal communication between two devices over the air. The connection between two devices can remain active as long as needed and as long as the two devices are within a certain proximity of each other. Today it seems like everything from your thermostat to your toothbrush has some kind of Bluetooth connectivity.
However, as with WiFi, Bluetooth technology is vulnerable to snooping during the back and forth communication between devices, so encryption of that communication is paramount. As with any computing standard, Bluetooth can be susceptible to coding errors that can also lead to vulnerabilities, but unlike a traditional piece of software like Windows, it’s not so easy to push out an update. Because Bluetooth has become a standard for wireless communication, developers have to consider how updates as a whole affect the entire Bluetooth industry. It is because of this that billions of devices could be stuck with a vulnerability for as long as it takes to release a new standard, which can be years. This means it often comes down to the device manufacturers to create their own fixes for Bluetooth’s security issues.
For example, with Apple’s iOS 10 release, Apple created a patch to fix a number of vulnerabilities for BlueBorne, a collection of exploits that can allow someone to take remote control of a mobile phone. To date, it's believed as many as two billion iOS and Android devices are still running outdated software that makes them vulnerable to these exploits.
Common Bluetooth Vulnerabilities
Some of the more commonly known Bluetooth vulnerabilities, ranked from least harmful to worst, are:
Bluejacking is a method in which someone can send unsolicited messages to nearby Bluetooth devices. The messages are usually text, but can also be images or sound clips. Bluejacking is considered to be relatively harmless and more of a nuisance.
Bluesnarfing is a little more serious because it involves the harvesting of information from a Bluetooth connection, including emails, text messages, and contact lists.
BlueBorne is a collection of attacks that allow someone to completely take over a mobile device, allowing for the listening in on phone calls, enabling call forwarding and sending messages, or just using your phone or laptop in a botnet, which can then be utilized to launch a coordinated denial-of-service attack on another target.
All of the previously mentioned exploits require being paired with the target device. However BleedingBit does not. All that is required is that the target have Bluetooth turned on and be within range of the attacker. BleedingBit makes use of a zero-day vulnerability found in Bluetooth chips manufactured by Texas Instruments. These chips are so common though all it takes is for someone to wander into an office building and start scanning for Bluetooth devices to launch a large-scale takeover of devices.
BleedingBit is also “contagious," meaning that all it takes is for one device to catch the bug for it to move through a whole network of Bluetooth-connected devices. This leads one to ask: how secure is that that wireless speaker picked up on a whim from the checkout line at Marshalls, or that dog food dispenser with the camera on it so you can check in on Fido while on vacation (it’s a thing), or that thermostat, or those switches that allow you to ask Alexa to turn on the light?
Home, or on the Range
It can be easy to believe that Bluetooth isn’t that vulnerable because the range of its signal tends to top out at around 30 feet, so a hacker would have to be relatively close by.
This is not the case. With a simple directional antenna and other standard equipment that can be bought at almost any hardware store, security researchers have been able to crack Bluetooth communications from up to a mile away. Furthermore, the Bluetooth signal range can be extended even further by piggybacking off other Bluetooth devices.
Here's How to Protect Yourself
So how do you help safeguard yourself from Bluetooth attacks?
It’s easy actually. Just turn off Bluetooth on your device when you’re not using it.
Both iOS and Android devices allow for easily toggling Bluetooth on and off. On iPhone models 6, 7, and 8 you swipe up from the bottom of the screen to access the Control Center. With models X/XS and above, you swipe down from the top right corner or you can ask Siri to do it for you. On Android you swipe down from the top of the screen to access your settings.
If you have a laptop, consider using a Bluetooth mouse or headset that requires a USB dongle. These often use their own encrypted connection with the device that makes it less susceptible to attack.
And as always, make sure all of your devices have the most up-to-date security patches installed.
Jared Robinson is Hanscom FCU’s information security analyst. Before coming aboard he was a reporter and IT manager for his local daily newspaper. He has a M.S. in Cybersecurity and lives in North Central Massachusetts with his wife and their three cats.
Stay safe! Detect Safe Browsing from Easy Solutions® is a free anti-fraud solution that provides extra protection from malware when you log in to your Hanscom FCU accounts or visit our web site.
Others are reading: