How Secure Is Bluetooth? | Tutorial
If you've been keeping an eye on the cybersecurity news over the past year, you may have seen some attacks via Bluetooth. Examples such as BlueBorne have very scary-sounding prospects for smartphones that use Bluetooth for connecting to external devices. This then raises the question: just how secure is Bluetooth? Is it safe to use, or is it so full of holes you might as well keep it turned off?
Kinds of Bluetooth Attacks
It may sound strange that people can attack devices over Bluetooth, but it makes sense when you consider it. Given how all kinds of accessories can connect over Bluetooth, you can access all kinds of features over a Bluetooth connection. While it's meant to be utilised for productive means, hackers can use it for the following:
- Bluejacking, where people can send unwanted messages to others,
- Bluesnarfing, which can access people's private information,
- Bluebugging, which is usually done on a phone with an outdated Bluetooth interface that allows the pairing of devices without the user's consent. This can then be exploited to control the phone's features.
Scary, right? While Bluetooth has its flaws, it's not entirely insecure. There's plenty you can do, as a user, to stop an attack from happening!
How Attacks Work
To figure out how we stop an attack, we need to figure out how hackers manage to execute in the first place. To do this, they need a device that's currently broadcasting a Bluetooth connection. This is how Bluetooth connections are made, by a device broadcasting its presence and allowing users to make a request to connect to it.
There's a lot of security already built in to Bluetooth to stop people getting in without permission. If you've ever set up a Bluetooth device, you'll know that you have to perform a “pairing” where you tell each device that it's okay to connect to one another. This stops people from simply connecting to you without you knowing. Of course, hackers wouldn't have methods of breaking into Bluetooth if this was enough to stop them!
The key here is that Bluetooth-enabled devices typically broadcast the fact that Bluetooth is enabled, giving an avenue to attackers to get into the device. The solution, therefore, is keeping track of what is being broadcast.
Stopping the Broadcast
You may have seen a setting on your device's Bluetooth settings that asks if you want it to be “discoverable.” This is computer-speak for a Bluetooth device that is constantly broadcasting its presence so that other gadgets can pair with it. If a gadget can't see the device, it can't make a pairing! You'll want this turned on when you want to pair your computer or phone with a Bluetooth-enabled device.
Once the pairing is complete, you can make your device undiscoverable to hide it from everyone. The accessories you've paired with can still connect to your device when it's undiscoverable; they've done their meetup and “secret handshake” and no longer need to search each other out. Each device has its own way of becoming undiscoverable, so check with your manufacturer to see how to do this.
Doing this makes it very hard for a hacker to access your Bluetooth. If they have the means to connect to an undiscoverable device, they still have to know a) that your Bluetooth is switched on, and b) what your device's Bluetooth name is. This is very tricky to do, so hackers are more likely to find someone that's actually broadcasting their details.
Even if you're only learning about broadcasting for the first time now, there's a good chance you've already been covered the entire time. Some devices are designed to automatically control when its Bluetooth name is broadcast to help keep you secure. Android devices, for example, only broadcast their name when you're in the Bluetooth Settings screen to find other devices. Once you back out of that screen, your phone goes dark again.
Turning Off Bluetooth
Once you're finished using your Bluetooth devices, you can turn off your Bluetooth adaptor altogether. Not only does this save on battery power on mobile devices, but it makes it totally impossible for hackers to access it via Bluetooth. Laptops and smartphones usually have a quick way to turn Bluetooth on and off, either as a button on the device or a toggle in the operating system itself.
How Secure Is Bluetooth?
So to answer the question just how secure is Bluetooth, it turns out that while it has its occasional flaws (just like other popular wireless communication methods), it's easy to keep yourself safe from hackers. Simply keep your device undiscoverable after pairing, and turn it off altogether when it's not being used. That way, you can avoid being the target of attacks.
Do you feel safe using Bluetooth? Let us know below!
Image credit: Unicode bluetooth device name