Bluetooth is all about wireless communication. These days, we use Bluetooth technology everywhere – from headsets, which allow us to wirelessly operate our phones, to fitness devices that continuously log our health statistics and transmit them to our personal devices (phones, tablets, computers etc).

The name “Bluetooth” is an Anglicised version of the Scandinavian Blåtand, a nickname given to a 10th-Century Viking king, Harald “Blåtand” Gormsson. Bluetooth technology was named after King Harald, due to his abilities to unite dissonant Danish tribes into a single kingdom and persuade the factions to communicate.

The Bluetooth protocol includes an initial phase (known as pairing) where two devices establish shared keys, followed by a traffic protection phase where data is encrypted and authenticated with those shared keys. It is the pairing phase that is notoriously insecure.

Most Bluetooth devices use Passkey Entry for pairing, where access to one of the devices is protected with a 4 or 6-digit PIN (the passkey) and the other device has a keypad which can be used to enter the passkey. In some cases, Passkey Entry is secure, because the passkey-protected device generates a new random passkey before each pairing and displays it to the user. However, more commonly, the passkey-protected device does not have a display (such as a headset), so the passkey needs to be built into the device at the time of manufacturing and communicated to the user via the device’s user manual. In this case, even if each device has a different random passkey, Passkey Entry is not secure.

There are many security risks linked with using Bluetooth. Below are the main ones:

  • Bluejacking – essentially Bluetooth spam. Any Bluetooth user can send what is basically an e-card to another Bluetooth user who is within a 10 metre radius. If the e-card is downloaded, it is added as a contact to the recipient’s address book and can then be used to send messages to the recipient’s device. You may have experienced this while roaming through a shopping centre and having advertising suddenly appear on your phone (e.g. “30% off frames at OpticalShop”). If the attacker uses a directional antenna or amplifier, the spam can be sent to Bluetooth devices over 900 metres away. This was demonstrated by security researcher Joshua Wright who used an antenna to hack a Bluetooth device in a Starbucks from across the street.
  • Bluesnarfing – the unauthorised access of information from a wireless device through a Bluetooth connection, often between smartphones and computers. Hackers can access calendar entries, contact lists, emails and text messages, and on some phones, pictures and private videos.
  • Bluebugging – this is more dangerous than other security risks. Attackers can remotely access a Bluetooth-enabled phone and use its facilities without the user knowing. This could include listening to calls, re-directing incoming calls, making calls and sending text messages. As you can imagine, this could rack up a hefty phone bill. Bluetooth-enabled car stereos are also vulnerable to this type of attack.

The more recent Bluetooth versions, 4.0 and 4.1, did solve some of the previous risks. However, devices utilising Bluetooth Low Energy (LE) – a feature used to maximise battery life – are still vulnerable to eavesdropping.

The reduced power consumption that comes with Bluetooth Low Energy technology is perfect for devices that are continuously transmitting information, such as wearables. However, this leaves devices such as FitBits vulnerable to having their transmissions intercepted by hackers while they send their fitness data to smartphones. It is easy for the hackers to work out who owns the device.

Protecting against Bluetooth attacks.

Bluetooth attacks rely completely on abusing the permission request/grant process that is used for Bluetooth connectivity. Below are some simple tips on how to protect yourself and your devices from Bluetooth attacks:

  • Switch off your Bluetooth feature when you’re not using it. Note: This will also conserve battery power.
  • Avoid devices that use Bluetooth 1.x, 2.0 or 4.0-LE.
  • For Bluetooth headsets, change the default PIN code. And switch off the headset when not in use.
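
To apply the tips above across more than a couple of devices, the following added example (not part of the original article) checks a device inventory against them. The CSV layout, column names and sample devices are constructed for illustration, and the script assumes, as described earlier, that a device without a display has a passkey fixed at manufacture.

```python
import csv
import io
import re

# Constructed sample inventory (not real devices): name, Bluetooth version as
# printed on a spec sheet, whether the device has a display, and whether the
# PIN/passkey is still the default one from the user manual.
SAMPLE_INVENTORY = """name,bt_version,has_display,default_pin
Office headset,2.0+EDR,no,yes
Car stereo,1.2,yes,no
Fitness band,4.0-LE,no,no
Laptop,4.1,yes,no
Conference speaker,4.1,no,yes
"""

def parse_version(text):
    """Return (major, minor, is_le) from strings like '2.0+EDR' or '4.0-LE'."""
    m = re.match(r"\s*(\d+)\.(\d+|x)", text)
    if not m:
        raise ValueError(f"unrecognised Bluetooth version: {text!r}")
    minor = 0 if m.group(2) == "x" else int(m.group(2))
    return int(m.group(1)), minor, "LE" in text.upper()

def audit_device(row):
    """List the advice items from the tips that one inventory row violates."""
    findings = []
    major, minor, is_le = parse_version(row["bt_version"])
    if major == 1 or (major, minor) == (2, 0) or ((major, minor) == (4, 0) and is_le):
        findings.append("version on the avoid list (1.x, 2.0 or 4.0-LE)")
    if row["has_display"].strip().lower() == "no":
        # Assumption taken from the Passkey Entry discussion: no display
        # means the passkey cannot be regenerated for each pairing.
        findings.append("no display: passkey is fixed at manufacture")
    if row["default_pin"].strip().lower() == "yes":
        findings.append("default PIN still in use")
    return findings

def audit_inventory(csv_text):
    """Map each device name to its findings; devices with none are omitted."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = audit_device(row)
        if findings:
            report[row["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: " + "; ".join(findings))
```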

Bluetooth definitely serves a purpose, but everyone should understand the risks.