Security Experts Warn of Unsafe Bluetooth Connections

TechViews News

Your Bluetooth connection is unsafe. Very unsafe. That’s the message from DEF CON 27, the world’s largest hacker convention.

Bluetooth, which is a wireless technology for connecting everything from wireless earphones to car entertainment systems, is hacker heaven.

“People can track you with your Bluetooth devices. The problem is chronic with devices like headphones or fitness trackers,” noted Security Boulevard in a post entitled “Securing devices,” adding that many Bluetooth devices “have gaping holes just waiting to be hacked.”

The recent KNOB attack, disclosed on Aug. 13, is an example of how unsafe Bluetooth connections can be. The “severe” vulnerability in the Bluetooth security specification can allow an attacker to potentially change the connection of nearby Bluetooth devices, according to a web page on the attack.

As the New York Times and others have reported, many stores now use Bluetooth beacons to track the location of individual shoppers down to the inch. That information is often sold or given to advertisers, who then use it to build data profiles on unwitting people just trying to buy a carton of milk.

Bluetooth is a wireless protocol just like WiFi

Most users don’t know that if they connect devices through Bluetooth, then they are using a wireless protocol that can be captured and modified, just like WiFi. “If you use your Bluetooth for connecting music or audio, then be aware that someone could intercept that signal and change its security credentials to gain access to one or both of the devices that are connected,” said Adam Kujawa, director of Malwarebytes Labs.

“What comes after that is either total control of your device, or capturing and downloading personal data from your device.”

“When using Bluetooth for other things, like data transfer or headset phone calls … the likelihood that an attack could result in damage increases,” he said.

“Most of the tools to do effective hacking are easily available and affordable. In addition, the skills required to launch this kind of attack are in the intermediate area. A bad actor with a little skill and a little money could intercept your Bluetooth signal and cause all kinds of problems.”

But Jake Kouns, chief information security officer at Risk Based Security, says that the big picture is not being publicly addressed.

“The widespread use of Bluetooth means a single vulnerability can have a devastating impact on an ever-growing list of devices,” he said in an email to Fox News.

“Further compounding the problem, many Bluetooth-enabled consumer devices are not typically easy to update, and in some cases can’t be updated,” he said, making them forever vulnerable to attack.

But is it practical to turn off your Bluetooth every time after using it?

“Any time I hear the advice to turn off Bluetooth, it does feel awkward as there should be a better option,” Kouns said.

“But realistically and unfortunately, in many cases turning off Bluetooth is the best suggestion,” he added.

One thing to keep in mind, Kouns said, is that many consumer devices only need to have Bluetooth enabled for one-time setup procedures. After that, Bluetooth can be turned off. Setup is not necessary each time you connect.

The issue arises when a device needs to have a Bluetooth connection turned on and in use, or turned on all the time.

“Bluetooth headsets, fitness trackers and smartwatches are just a few examples that typically require Bluetooth to be turned on all the time to allow real-time data syncing, including receiving alerts and messages,” Kouns said.

Be aware of which devices are using Bluetooth, he noted. Often, consumers have no idea which devices are using Bluetooth and which are accessing confidential data, according to Kouns.

“The development of Bluetooth is focused on functionality and expansion of use rather than security,” Malwarebytes Labs’ Kujawa said. “Security was never considered to be a problem in short range connections – until the art of hacking came along.”

But this will likely change going forward, he said.

The Bluetooth Special Interest Group (SIG)

Bluetooth technology was originally initiated by Ericsson in 1994. Four years later, five big companies (IBM, Intel, Nokia, Toshiba and Ericsson) founded the Bluetooth Special Interest Group (SIG) to advance the technology through research and development.

The Bluetooth Special Interest Group (SIG) has become the trade association that oversees Bluetooth technology. It now says that it prioritizes security and that the new Bluetooth specification soon to be released “provides advanced security features that adhere to global requirements.”

But until the new specification is fully adopted and new Bluetooth devices hit the market, users need to be very careful.

Essentially, keeping Bluetooth enabled on your phone at all times opens you up to potential hacks, abuse, and privacy violations. The solution is simple: Don’t use it. Or, if you must, make sure to turn it off as soon as you’ve unpaired from the device in question.

That precaution may seem like a pain in the ass now, but any frustration that comes from repeatedly pairing and unpairing your gadgets pales in comparison to getting hacked or having your privacy systematically violated.
