Enjoying wireless connectivity is all about balancing convenience with security. Bluetooth devices, such as wireless headsets, speakers and microphones, make it easy to seamlessly take hands-free calls while driving or to move around freely while listening to your favorite music, among other use cases.
Using these devices does represent a security trade-off, though. Open Bluetooth connections can be exploited by malicious actors. Fortunately, there are steps you can take to limit your exposure to these risks.
Bluetooth security risks
Bluetooth security risks have grown and diversified in recent years, and criminals are only getting more creative. Here are some of the most notable recent threats to avoid.
Thieves searching for hardware to steal
In November 2019, WIRED reported on a new trend that married high-tech snooping with old-fashioned burglary: Criminals can leverage legitimate Bluetooth scanners, which are sometimes surprisingly simple to use, to pick out target cars based on which vehicles might be secretly harboring a valuable piece of technology. That way they can rest assured that once they break a window, there will be something behind it that they can resell.
Sometimes data is more valuable than equipment. Bluetooth security vulnerabilities can also make targeted attacks possible for more technologically sophisticated crooks. In August 2019, citing research published with the USENIX Association, Ars Technica reported on one such possible maneuver. Known as Key Negotiation of Bluetooth (KNOB), this exploit makes it possible to intercept data — including keystrokes, address books and more — as it’s transmitted between devices.
Bluetooth connections can also serve as a delivery pathway to facilitate malware uploads and data exfiltration. An article from Engadget in February 2020 reported that researchers from ERNW had outlined a newly identified vulnerability known as BlueFrag, which enabled ill-intentioned perpetrators to spread malware to nearby devices that run on Android 8 Oreo or Android 9 Pie.
Best practices for mitigating Bluetooth security risk
In addition to keeping your devices up to date with regular patching and upgrades, there are a couple of important actions you can take, as outlined by the Cybersecurity and Infrastructure Security Agency, to lower your Bluetooth security risk profile.
Turn off Bluetooth when you’re not using it
Turning off Bluetooth connectivity whenever it’s not actively in use is the most important thing you can do to prevent outside parties from locating Bluetooth beacons, accessing your information or disrupting your system.
While it is turned on, use hidden mode for Bluetooth
Hidden mode, otherwise known as nondiscovery mode, is the preferred way to use Bluetooth connectivity. Here are step-by-step instructions for using this feature, which is more secure than using Bluetooth in discovery mode:
- Turn on discovery mode for the Bluetooth item that you would like to connect to your smartphone, laptop or other device.
- Turn on Bluetooth for your smartphone, laptop or other device.
- Using your device, pair it with the Bluetooth item that you want to connect.
- If it does not automatically do so, take the Bluetooth item out of discovery mode.
Now, your paired devices should be able to connect without having to use discovery mode. Remember to periodically review your device’s Bluetooth settings to update permissions or unpair from Bluetooth items you no longer use.
For more cybersecurity advice and support, from PC tune-ups to antivirus products and mobile security, consult Total Defense. We have a wide variety of products on solutions available for home use and professional protection.