When we think of threats from cybercriminals, we immediately think about Wi-Fi and the internet. Consequently, most of the security measures we use also revolve around being on the internet.
Meanwhile, the other standard of wireless connectivity — Bluetooth — is often overlooked as being an entryway for hackers. That’s despite hackers using sophisticated Bluetooth attacks to steal data and take complete control of people’s devices.
How common is Bluetooth hacking?
The number of Bluetooth hacks each year in the U.S. isn’t currently known. That’s due in part to the difficulty in identifying them. These attacks are often “silent” — unknown by the victims until they find out their data or credentials have been stolen.
The media commonly reports newly discovered vulnerabilities in Bluetooth’s protocols and in the chips that power the connectivity standard. For example, as recently as March this year, a security firm discovered a new vulnerability in the Bluetooth ESP32 microcontroller that, if exploited, would allow cybercriminals to carry out impersonation attacks.
It’s often the case that these vulnerabilities affect millions of devices. In 2017, when a type of Bluetooth attack called BlueBorne (see below) was first discovered, it was estimated that 5.3 billion devices were at risk worldwide.
Any device with a Bluetooth chip is at risk of being Bluetooth hacked — that includes everything from phones, laptops, tablets, cars, watches, and even mice and keyboards. Company devices are just as vulnerable as personal devices, too, since most organizations don’t monitor device-to-device connections or have any way to stop hacking.
Bluetooth hacks can have real-world implications, as a Bluetooth security breach of U.S. hospitals in 2017 illustrates. The hackers managed to use Bluetooth hacking to attack medical devices like pacemakers and insulin pumps and remotely control these devices, thereby putting people’s lives at risk.
Types of Bluetooth hacks
There are 11 different Bluetooth hacking methods, which take advantage of hundreds of vulnerabilities. Most of these attacks succeed only if the user has Bluetooth switched on and discoverable, although some do not require this.
Here are three of the most common Bluetooth attack types used on laptops:
- BlueSnarfing: Hackers exploit vulnerabilities in Bluetooth’s OBEX File Transfer Protocol. After connecting to the victim’s device, they can then access files and information and steal data. BlueSniping is a type of BlueSnarfing where the hackers attack the victim’s device wirelessly at long range.
- BlueBugging: An attack in which hackers bypass Bluetooth authentication protocols and create a back door entry to the device. BlueBugging allows hackers to take full control of devices remotely.
- BlueBorne: An airborne hybrid trojan-worm that spreads between Bluetooth devices. It provides an entryway for possible secondary malware attacks so that the cybercriminal can take full or partial control of the device.
How to protect your device from Bluetooth hacks
As you’d expect, protecting your laptop and other Bluetooth devices from hacking involves paying close attention to your Bluetooth status and activity. Here are some top-line suggestions from the experts:
- Ensure your Bluetooth mode is set to non-discoverable mode when you’re not actively pairing with another device.
- Ensure your Bluetooth devices have strong authentication requirements like passwords or PIN codes.
- Avoid pairing up Bluetooth devices in public places.
- Regularly update your device’s firmware or OS to patch Bluetooth vulnerabilities.
- Don’t accept unauthorized Bluetooth connection requests.
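One way to check the first suggestion on a Linux laptop is to audit the adapter state reported by BlueZ's `bluetoothctl show`. The script below is an added example, not part of the original article; it assumes a BlueZ system, and the adapter addresses and names in the sample are constructed.

```python
import re
import sys

# Constructed sample: `bluetoothctl show` output for two adapters, concatenated.
SAMPLE = """\
Controller AA:BB:CC:DD:EE:01 (public)
    Name: laptop-a
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
    Pairable: yes
Controller AA:BB:CC:DD:EE:02 (public)
    Name: laptop-b
    Powered: yes
    Discoverable: no
    DiscoverableTimeout: 0x000000b4
    Pairable: yes
"""

def parse_controllers(text):
    """Return {adapter address: {property: value}} from `bluetoothctl show` text."""
    controllers, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"Controller\s+([0-9A-Fa-f:]{17})", line)
        if header:
            current = controllers.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return controllers

def audit(text):
    """List (address, finding) for powered adapters left in discoverable mode."""
    findings = []
    for addr, props in parse_controllers(text).items():
        if props.get("Powered") != "yes" or props.get("Discoverable") != "yes":
            continue  # radio off or already non-discoverable
        raw_timeout = props.get("DiscoverableTimeout", "").split()
        if not raw_timeout:
            detail = "timeout not reported"
        elif int(raw_timeout[0], 16) == 0:
            detail = "no timeout, stays visible until switched off"
        else:
            detail = f"visible for {int(raw_timeout[0], 16)}s after being enabled"
        findings.append((addr, "discoverable: " + detail))
    return findings

if __name__ == "__main__":
    # Pipe real output in (bluetoothctl show | python3 this_file.py) or run on the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for addr, finding in audit(text):
        print(addr, finding)
```

An adapter flagged here can be returned to non-discoverable mode with `bluetoothctl discoverable off`.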