Are you sharing more information than you want to?

When you’re on your phone, is it really only you looking at the screen? When you’re on your social media, and you’re posting a picture of this rad party you went to last night, are you really only letting friends and family see the post? When you’re streaming on Netflix and watching the newest Netflix Original, are you the only one really

watching? If you think about your every day activities, we put absolute trust in our technology to hold our information securely. Our technology isn’t perfect and has flaws and vulnerabilities that we must take into consideration.

Bluetooth

Bluetooth isn’t the newest and shiniest technology on the block, but it’s popularity continues growing as everything becomes wireless. Now anything is “

hackable,” but Bluetooth opens a window for hackers to look into your devices. A multitude of us have smartphones with Bluetooth capabilities, and I’m guessing Bluetooth is currently running as you’re reading this post. With Bluetooth actively running, you open up a vulnerability point to any hackers looking for some information and even sending data without your permission. You can open your Bluetooth settings right now and probably see a bunch of unfamiliar devices to connect with. All of these devices are discoverable to anybody, including hackers, and anybody can connect to those devices.

Hackers

So what exactly can the hackers do when your smartphone or Bluetooth device is actively scanning for something to connect with? Well this situation depends on what the hacker wants to achieve, and these attacks are categorized into three categories: Bluejacking, Bluesnarfing, and Bluebugging.

• A Bluejacking Attack is most commonly used when unsolicited text messages are sent to the device via Bluetooth. Bluejacking attacks are usually harmless and catch the owner off guard.
• A Bluesnarfing Attack is when a hacker obtains some unauthorized and private information from the Bluetooth connection. Examples of private and unauthorized information would include contact lists, emails, and text messages among other features.
• A Bluebugging Attack is when the hacker has taken total control over the device from the Bluetooth connection and can listen to calls, send text messages, etc. A bluebugging attack is the most damaging attack of the three but is also the hardest for the hacker to accomplish because they need more information about your device.

The Attack

Having your smartphone’s Bluetooth capability on basically makes you a walking target. As an example, a user from How Stuff Works explains how a hacker can haunt a socialization hub, like Starbucks or the mall, where they can find multiple Bluetooth devices to bluejack. The hacker creates and anonymously sends a message, selecting their target from the discoverable Bluetooth devices. As a result, the targeted user receives the message, causing confusion and panic.iPads, Samsung tablets, and Microsoft’s Surface Books are the new lighter, more portable versions of laptops. Although, some users don’t care for the tablet’s virtual keyboard and instead connect a Bluetooth keyboard with the tablet wirelessly. Depending on the version of Bluetooth the keyboard is using, a hacker could potentially capture the Bluetooth packets sent to the tablet from the keyboard. The hacker would then decode the Bluetooth packets, packets of information sent between the Bluetooth devices, and see which keystrokes you typed in. This attack scenario would mean the hacker could capture your keyboard’s Bluetooth packets and find out your messages, passwords, etc., making this a bluesnarfing attack.In the most extreme scenarios, a skilled hacker could use certain software applications to eavesdrop on your phone calls and possibly intercept and reroute messages through your smartphone’s Bluetooth connection, all without your knowledge. This attack is classified as a bluebugging attack.

The Defense

Switch off your device’s Bluetooth discoverable mode! Switching off you device’s Bluetooth discoverable mode is the easiest and most secure way to prevent hackers from using the Bluetooth connection. What if I’m constantly connecting to Bluetooth devices, like my headphones and car? Can I still get hacked? This situation depends on what version of Bluetooth your Bluetooth devices are running. Most can categorize Bluetooth into two major groups: Bluetooth Classic and Bluetooth Low Energy. Bluetooth Classic can handle more data transfers and streaming but quickly consumes battery. In comparison, Bluetooth Low Energy (BLE) uses significant less energy, as the name implies, allowing you to use the devices longer. However, cutting the energy consumption also cuts the security of the device. Between the two types of Bluetooth, they share a common way of connecting Bluetooth devices. When you initiate the Bluetooth connection process with your smartphone, you will have the option of pairing with another Bluetooth device. This Bluetooth device could ask your smartphone for a pairing key, or the device could automatically pair with your smartphone without any verification. Obviously, the Bluetooth device using a pairing key is more secure. However, most pairing keys have the default as 0000, making the key an easy guess and not secure. As a solution, you should change the default key.

Conclusion

Bluetooth, like any of the technology we use today, has security concerns we need to take into consideration. Anybody has the ability to listen into what’s broadcasting from your Bluetooth device, making your device known therefore making your identity known. Remember, protect your information from Bluetooth attacks by switching off Bluetooth discoverable mode.

References