Bluetooth Technology

Bluetooth technology is an extremely effective tool that allows users to connect wirelessly to other Bluetooth enabled devices. For those who are unaware, Bluetooth is a technology that enables an exchange of data between devices that are located within a short distance (for most devices, the range is about 30 feet when there are no walls or other obstacles present). Devices that contain Bluetooth technology include smart phones, laptops and desktop computers, vehicles, wireless headphones or speakers, smart watches, and even internet connected devices. Therefore, a user can connect their smartphone to their wireless headphones or speakers to play music or connect their phone to their vehicle to talk on the phone “hands free” while driving. Users can even use Bluetooth technology to share images with another Bluetooth-connected device (on Apple devices, this is commonly referred to as “Air Dropping” and on Samsung phones it is called “Quick Share”). While there are many benefits to utilizing Bluetooth technology, there have been a lot of articles noting security and privacy concerns to be aware of when Bluetooth is left on (or enabled) after a user has ended the connection between devices.

BLUETOOTH HACKING – IS YOUR SOFTWARE UP TO DATE?

 Security researchers are constantly finding new threats to device security.  For example, in 2017 Armis, a security research firm, discovered a Bluetooth vulnerability known as “BlueBorne”. When hackers used the “BlueBorne” to attack a device, they were able to control Bluetooth-enabled devices remotely, which gave them the opportunity to steal data from the device. Additionally, the “BlueBorne” could spread from one phone to another phone, like a virus. This gave hackers the ability to infect more phones without having to physically be within the 30-foot range of each device.  Fortunately, the security research firm was able to create a security patch for devices to prevent the “BlueBorne” attack. A security patch is code for the operating system that fills in the vulnerability to prevent hackers from exploiting the vulnerability.

 As cybersecurity firms identify new vulnerabilities in the Bluetooth software, they create new security patches which are rolled out in updates to the software or devices; however, they are only helpful when users update their software. Therefore, updating the software on Bluetooth enabled devices is crucial to eliminate any known vulnerabilities from being exploited and keep your devices secure.

BLUEJACKING – ARE YOU RECEIVING UNSOLICITED OR PHISHING MESSAGES VIA BLUETOOTH?

 On smart phones and laptops, the Bluetooth setting has the option of being enabled or disabled. When an individual leaves their Bluetooth enabled on their smart phone, they open themselves up to “Bluejacking”. “Bluejacking” is when someone uses a device’s enabled Bluetooth connection to send unsolicited messages. Messages may be a harmless prank from a teenager but could also be a phishing attack. Many people are aware of Phishing emails; however, Phishing messages can be sent via Bluetooth connection. A malicious actor may use “Bluejacking” to send a phishing message to a smart phone or laptop, pretending to be a trusted source, such as a bank, phone company or social media application. The message typically entices the user to click a link that leads either to a website that automatically downloads malware to a device or a fake website designed to look similar to well-known companies and requests the user provide login credentials or other sensitive information.

 To avoid any “Bluejacking” pranks or Phishing messages shared through Bluetooth connection, it is advised that users disable the Bluetooth setting when they have finished using the connection. However, if a user is connecting to Bluetooth devices multiple times per day, it may be tedious to enable and disable the Bluetooth setting before and after using. Alternatively, a user can adjust their device settings to prevent unknown contacts from sharing messages via Bluetooth connection.

IS YOUR DEVICE PAIRED TO A VEHICLE?

 If you connect your smartphone to a vehicle, your phone’s data may be shared with the car. If it is your personal car, it may not be an issue; however, if you connect to a rental car, you want to be aware of the data your phone is sharing with the rental car. Major car-rental companies have no policies to delete sensitive information collected during the trip after you return the car. Your name and navigation history are considered valuable personal information. Using such data, combined with information publicly available on the internet and social media platforms, a malicious actor could track down an individual. Data that could be collected by a vehicle includes your email address, GPS history, phone book, call log and text messages (if hands-free calling and messaging is used), music streaming login, and more.

 Interestingly, thus far, data collected on vehicles has been used to fight crime. One man was able to track down teenagers that took his car for a joy ride, using the phone usernames that were stored in the car’s device list. Alternatively, people with malicious intentions can also use data to track people down. To protect yourself, before returning a rented car AND before selling or trading in your personal car, take the time to delete your personal data from the vehicle. This can be done by going into the system settings or Bluetooth settings and deleting your device from the “paired phones” list; or by restoring the vehicle to the factory settings. If you are having difficulty, the car manual can guide users through unpairing a phone and deleting information.

SHOULD YOU BE CONCERNED ABOUT BLUETOOTH HACKING?

 Generally, most people should not be concerned about Bluetooth hacking. Cybercriminals typically target people with high level security clearance. However, it does not hurt to be extra cautious. IT professionals recommend the following: