You are surrounded by Bluetooth devices – fitness trackers, headphones, speakers, and smart home devices all use this connectivity system. They share your data with one another and the web, and where there is data, there are always hackers waiting to steal it. Is Bluetooth actually as unsafe as it seems? Let’s find out.
Jan 21, 2021 · 5 min read
Bluetooth connections have been around for a few decades, so hackers have found many ways to abuse it. There are quite a few Bluetooth vulnerabilities you should be aware of, which are usually exploited in the following types of Bluetooth attacks:
If a hacker manages to get into your smartphone, they can get tons of sensitive information about you. This can later be used in social engineering attacks, to blackmail you, or to hack into your bank and other accounts.
However, the worst part about Bluetooth attacks is that security researchers find new ways the connection can be exploited every year.
Hackers can use Bluetooth to track your location. To do so, they only need two things: a device that constantly uses Bluetooth connections and a unique device identifier. How does it work?
Two devices that connect over Bluetooth recognize each other by exchanging a piece of information that you can think of as something similar to an device address. Most devices change them regularly, like when the connection is re-established or when their batteries are drained. However, security researchers have recently found that some devices, like fitness trackers, keep the same address no matter what. Hackers can use this number as a unique device identifier.
To make matters worse, such devices constantly transmit this signal to remain connected to your phone and provide accurate, real-time results.
Security researchers have also recently discovered a hacking technique that weakens Bluetooth encryption and makes it easier to crack. Two devices connecting over Bluetooth need to exchange cryptographic keys to establish a secure connection. However, not all devices support long and secure encryption keys. Therefore, they need to “talk” to each other to decide on the key length.
In Key Negotiation of Bluetooth (KNOB) attack, hackers intercept this process and make one of the devices “offer” to use a weak encryption key that can be as short as 1 byte. Once such a connection is established, a hacker can use a simple brute force attack to break the encryption and start watching the traffic being exchanged between the devices.
Hackers can also use Bluetooth to cause a Denial of Service. They can crash your device, block your smartphone from receiving or making calls, or drain your battery. Even though it may not help them steal your data, it may cause confusion or simply be very annoying.
Apps on your phone might also be secretly using your Bluetooth connection to harvest data and track your location. The new iOS 13 was designed to notify users of apps that compromise their privacy, and it did exactly that. It has already picked up on Facebook and Youtube abusing users’ Bluetooth.
If Bluetooth has so many vulnerabilities, why do we still use it? Mostly because Bluetooth hacking isn’t that common in real life. Why?
Taking this into account, it's safe to say that you wouldn’t want your Bluetooth on at DEFCON, the biggest hacking conference in the world. But in reality, using Bluetooth regularly should generally be OK.
However, that doesn’t mean you shouldn’t do your best to protect yourself, so here are a few easy steps you can take to ensure a secure Bluetooth connection.
The simple answer is no. A VPN won’t specifically protect you against Bluetooth vulnerabilities, but it is the best, most inexpensive way to protect yourself online. A VPN will secure you when you’re connected to public Wi-Fi, using encryption to stop snooping ISP’s or malicious actors in your network from stealing your data. Think about using a VPN, especially when you’re tethering to a friend’s hotspot via Bluetooth. Your mobile service may be monitoring the connection, and could be slowing it down.
Want to read more like this?
Get the latest news and tips from NordVPN