Most anyone who uses a cell phone knows what Bluetooth is; Bluetooth headsets and dongles sell like hot cakes. Everyone loves the wireless technology that allows them to talk on the their phones without having to hold them and also send data to and from the phone quickly, easily, and wirelessly.
In many overseas countries Bluetooth is even more popular. Some have special kiosks you can connect to and get a free game or ringtone sent to your phone. However the fun and convenience do not come without risks. Here’s a look at the most common Bluetooth security issues.
This attack targets any Bluetooth enabled device. It happens when a hacker finds a Bluetooth device in discoverable mode and sends an unsolicited message or photo to it. The attack can be harmless and meant to shock or amuse — it can also be malicious. For example, a hacker could send a message to someone over Bluetooth with something enticing that makes them respond and/or add them to their address book. This sets up the recipient for everything from spam to phishing attacks. In a simpler form of Bluejacking, the messages themselves can be spam or otherwise unpleasant in nature.
This type of attack, while quite harmful, is targeted mostly at older Bluetooth devices. Hackers exploit a firmware flaw in those devices that forces a BT connection and allows them to access the device’s data and even the device’s IMEI which could actually let them reroute calls from the victim’s device to theirs.
This type of attack is also targeted at old devices. By exploiting a firmware flaw, a hacker can access the phone without the user’s knowledge and access data, listen in on phone calls, send messages, and more.
This attack targets hands free car kits. By using a software tool, a hacker can exploit a flaw in them that allows them to send or receive audio from the car kit. They can eavesdrop on calls made from it and transmit audio to the car’s speakers.
How can you protect yourself? The first thing to do is always make sure your device’s firmware is up to date and that any hotfixes or patches issued for it are installed. Once you’ve done that the most important step you can take is to not leave your device in discoverable mode and to disable Bluetooth when you’re not using it.
When you leave your device in discoverable mode it is open and visible to other devices, much like an unsecured Wi-Fi network is. That makes it easy for a hacker to connect to it. Even when in undiscoverable mode it’s technically possible for a determined hacker to find your phone and connect to it, so it’s a good idea to change your pin from the manufacturer’s default to something more complex. Finally, check your device’s list of paired devices regularly and if there is any unknown device on the list delete it immediately.
Have any thoughts, questions or comments? Let us know!