Is your Bluetooth safe?

Bluetooth has become ubiquitous.  We use it to connect our phones, laptops, keyboards, mice, headphones, speakers, cars – more and more each day. Even watches now!

It seems to have got easier, maybe because we’re so practised with it.  Bluetooth is everywhere.

 

But is it safe?

Hackers like to go after things that are in common use.  That makes sense, as there are loads of targets and people get careless.

So, hackers do things like:

  • Bluejacking (sending you messages via Bluetooth)
  • BlueSnarfing (stealing data via Bluetooth)
  • BlueBugging (taking control of devices)

If the hacker can exploit a bug in Bluetooth, or your carelessness, and get access to your device, then they can have free rein.  They could turn on your microphone and listen to you.  They can upload nonsense to your machine and disable it, or download your files.  They could make a phone call, or hijack your data connection.

Because Bluetooth is generally encrypted, they shouldn’t be able to eavesdrop on your connections, but you do need to be patched up to date, on your phone and your laptop.  (Services like KARE for Mobile help keep phones up to date by identifying units that are running vulnerable versions.)

To combat this threat:

  • Ban devices that use Bluetooth 1.x, 2.0, or 4.0-LE and ensure devices use the latest versions and protocols.
  • Change the default PIN codes on devices, especially those with microphones like many common Bluetooth headsets and speakers – 0000 or 1234 doesn’t cut it!
  • Keep devices patched up to date.
  • Turn off Bluetooth when you aren’t using it (it will also save your battery.)
  • Only ‘scan’ for new devices or make your device ‘visible’ when you actually want to make a connection.  (I’m always amazed at how many Bluetooth devices I can see and potentially connect to when I check this.)
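One way to check the last two points on a Linux machine is to read the adapter state that BlueZ's `bluetoothctl show` reports. This is an added example, not part of the original post; the function names `parse_show` and `audit` are hypothetical and the sample output is constructed.

```python
import re

# Constructed sample of `bluetoothctl show` output (not captured from a real host).
SAMPLE_SHOW = (
    "Controller 00:11:22:33:44:55 (public)\n"
    "\tName: office-laptop\n"
    "\tPowered: yes\n"
    "\tDiscoverable: yes\n"
    "\tDiscoverableTimeout: 0x00000000\n"
    "\tPairable: yes\n"
    "\tDiscovering: no\n"
)

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"


def parse_show(text):
    """Map each controller address to its property/value pairs."""
    controllers, current = {}, None
    for line in text.splitlines():
        header = re.match(r"Controller\s+(" + MAC + r")", line)
        if header:
            current = controllers.setdefault(header.group(1).upper(), {})
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key.strip()] = value.strip()
    return controllers


def audit(text):
    """Return (address, finding) pairs for adapters that are visible or scanning."""
    findings = []
    for addr, props in parse_show(text).items():
        if props.get("Powered") != "yes":
            continue  # radio is off: nothing can see or connect to it
        if props.get("Discoverable") == "yes":
            # Timeout is printed as hex seconds; 0 means visibility never expires.
            raw = (props.get("DiscoverableTimeout") or "0x0").split()[0]
            timeout = int(raw, 16)
            findings.append((addr, "discoverable with no timeout" if timeout == 0
                             else f"discoverable for up to {timeout}s"))
        if props.get("Discovering") == "yes":
            findings.append((addr, "actively scanning for devices"))
    return findings


if __name__ == "__main__":
    for addr, finding in audit(SAMPLE_SHOW):
        print(f"{addr}: {finding}")
```

To audit a real machine, pass the text captured from `bluetoothctl show` to `audit()` instead of the sample.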

Remember as well that although Bluetooth is only supposed to connect over relatively short distances, hackers can use aerials and boosters to reach further than you would expect.  Their prize is to eavesdrop on you, upload a malicious file to you, and ultimately to steal from you. 

Don’t make it easy!