Bluetooth has been around since 2000. While it is used primarily for wireless personal area networks, it has become a seamless way for users to connect devices and can be deployed in a variety of ways via integration into many types of business and consumer devices, including cell phones, laptops, automobiles, medical devices, printers, keyboards, mice, and headsets.
Here are just a few of the ways hackers can wreak havoc on your mobile devices using Bluetooth vulnerabilities:
Viruses and Worms
While it may seem trivial, the simplest act of connecting a Bluetooth keyboard to your phone or tablet can potentially lead to malware and other damaging files being installed on your device.
Bluetooth keyboards are notorious for typing errors, which can lead to mistyped web addresses, wherein even one misspelled letter of a common website name will land you on a viral site. Furthermore, as smartphone screens are smaller, counterfeit websites are becoming dangerously more difficult to spot. Consequently, once a virus has been installed, it can open the device to Bluetooth security vulnerabilities amongst other issues.
Bluesnarfing is the use of the Bluetooth connection to steal information from a wireless device, most commonly smartphones, tablets, and laptops. Typically, scammers will break into smartphones or tablets using a device that allows them to find open networks and Bluetooth devices left on continuously and in “discovery mode”, hence visible to all. Furthermore, they can do this from up to 300 feet away. Once a device is compromised, hackers can potentially gain access to all contacts, emails, addresses, calendar information, passwords, photos and any other personal information as well as tapping for long distance and 900 numbers on your dime.
Bluesnarfing has even spread to the use of “Bluetooth-enabled Skimming Devices” on or inside payment systems, in-turn wirelessly sending your account numbers and even pin codes to the hackers Bluetooth-connected device instantly upon purchases made.
Denial of Service Attacks (DDOS)
DOS attacks occur when an attacker uses his Bluetooth device to repeatedly request pairing with the victim’s device. Unlike the detrimental effects of these attacks on a network, it is mostly just a nuisance on mobile devices. Consequently, it can still drain a device’s battery, block communication, and/or cause freezing and paralyzing behaviour, crashing your device altogether.
While mostly seen in older generation phones, Bluebugging is the gaining of access to a Bluetooth device and then performing device commands wherein the user has absolutely no idea what’s going on. Such commands can be eavesdropping on phone conversations, placing phone calls, sending/receiving text messages, and even connecting to the internet.
Bluejacking is relatively harmless and originally became popular by allowing a hacked phone to send anonymous messages to other phones in the vicinity without knowing the exact source of the received message to the recipient. It most often occurs in crowded places where there is a high percentage of Bluetooth enabled devices, such as shopping malls, airports, and subways. Recently it has become more popular due to its exploitation of sharing programs such as Airdrop, wherein hackers will anonymously drop or “cyber flash” offensive images, documents and videos to their devices, mostly to achieve shock factor.
What can you do?
Short of disabling Bluetooth altogether, there is really no ideal way to avoid any of these attacks, however certain measure can be taken to make yourself less of a target.
- The simplest prevention is to turn off your device’s Bluetooth when not using it.
- Upgrade your phone if applicable! The older your phone is, the more susceptible it is to Bluetooth hacking.
- Keep your phone firmware updated.
- Within the professional sector, set user policies that unambiguously list approved uses for corporate Bluetooth devices, specifying the types of information allowed to be transferred via Bluetooth networks.
- Mobile discovery modes on most devices are activated by default. Be aware of this and deactivate when necessary.
- Use at least 8 characters in your pin as every digit adds approximately 10,000 more combinations to crack it.
- If using a sharing app such as Airdrop, either keep it off when not using or ensure it is set to “contacts only”
- If your device has an option to use “invisible” mode, utilizing this setting will make you far less susceptible.
- Never accept pairing requests from unknown users, require user approval for connections requests, and avoid pairing devices for the first time in public places.
- Finally, there are some tools available that can be configured to detect any unauthorized Bluetooth connection between your device and nearby devices.
To learn more about Bluetooth vulnerabilities, sign up for our OSINT course today at https://www.chenegaeurope.com/osint-training/