Types of Bluetooth Attacks in 2020
The primary use of Bluetooth involves connecting multiple devices without using either cables or wires. This wireless technology allows us to make safe calls when behind the wheel, listen to music on our walks, talk to loved ones through a microphone, and share files. Devices with built-in Bluetooth adapters enable us to connect and transmit the information necessary to perform these tasks.
When people hear the word “hacking,” they usually link it to computer hacking. The truth is that almost any electronic device is prone to cyber-attacks – from IoT smart devices to smartphones. Famed computer security expert Gene Spafford is quoted as saying, “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards – and even then I have my doubts”. Since we use our mobile devices to browse the web, check our bank accounts, and buy things online, smart devices have become the target of many modern hackers.
Hackers can potentially gain access to a smartphone through the Bluetooth wireless protocol, just as your legitimate devices do. There are a number of vulnerabilities and issues, each with its own set of risks. Some are harder for hackers to pull off than others. We also can’t account for unknown vulnerabilities, or for known but undisclosed ones. If hackers have access to what is known as a zero-day exploit, they can compromise software technologies without most people knowing about it. Read on to learn more about the vulnerabilities in Bluetooth that we do know about.
Hackers are Finding Vulnerabilities in Bluetooth Technology
Bluetooth was first introduced in 1998, and since then it has been incorporated into almost every device that can hold personal data, as well as into many that don’t (e.g., IoT devices). We can find Bluetooth radios in laptops, desktop computers, cell phones, TVs, keyboards, “smart” toasters, and even credit card skimmers.
If a device requires short-range wireless connectivity to transfer data, Bluetooth is the way to go. From a security point of view, it’s easy to think that this technology is relatively harmless because most people believe that it has a short range. The range actually depends on a number of factors, including the radio antenna in the device. The physical range can go from less than 10 meters (33 feet) up to 100 meters (330 feet). Bluetooth version 5.0 has a greater range of 40 meters (100 feet) up to 400 meters (1,000 feet). To perform Bluetooth hacking, an attacker needs to be within range of your device and its Bluetooth radio. Many people believe that their device can’t be hacked; however, this assumption could be very wrong.
An encrypted Bluetooth connection will not stop hackers from finding a vulnerability and taking advantage of it to eavesdrop on connections or take control of devices. The range of any radio technology can be extended to over a mile using an omni-directional antenna.
Most Common Methods for Bluetooth Attacks in 2020
Hackers can access a device by using several techniques, such as:
- Bluebugging. Bluebugging is a type of Bluetooth attack through which hackers can access a device and eavesdrop on phone calls, connect to the Internet, send and receive text messages and emails, and even make calls (while the owner is unaware of it). It is usually associated with older phone models.
- Bluejacking. Bluejacking was once used for playing pranks on people. It’s the most common type of Bluetooth attack and is rather harmless and childish because a hacker can only send spam in the form of text messages to the hacked device. Bluejacking doesn’t give hackers access to your smartphone or the data on it. Keep your Bluetooth settings on non-discoverable or invisible, or just ignore the messages you receive.
- Bluesnarfing. Hackers can perform a bluesnarfing attack on devices when they are within 300 ft (around 90 meters). This is one of the most dangerous Bluetooth attacks because, even if your device is in a non-discoverable mode, hackers can attack it and gain access to all the personal information in your device. They can copy all the content on your device, including your pictures and videos, phone number, contact list, emails, and passwords. However, the invisible mode makes it more difficult for hackers to figure out the model and name of your device.
- Car whisperer. The attack takes advantage of a common flaw in Bluetooth vehicle implementation wherein certain car manufacturers use the same 1234 or 0000 passkeys for authentication and encryption. Hackers can use a laptop and a Bluetooth antenna to connect and listen in on hands-free conversations or talk directly to the people in the car. Secure your car’s audio, Bluetooth headset, and entertainment system by changing the manufacturer’s PIN code.
- Location tracking. A Bluetooth attack used for locating and tracking devices. Those usually prone to this attack are fitness enthusiasts because their fitness wearables are always connected to their Bluetooth.
- BlueBorne. To perform a BlueBorne attack, hackers need to infect your device with malware. That will allow an attacker to take control of the device. What makes things even worse is that, once your device is infected, it can infect other devices it connects to. If your device’s software is outdated and doesn’t use a VPN, it is vulnerable to BlueBorne attacks.
Hackers can be motivated to hack Bluetooth enabled devices for various reasons that may include:
- Accessing personal data for blackmail or ransom
- Eavesdropping on communications like phone calls and texts
- Infecting a device with malware to steal credentials
- Stealing financial information (e.g., PayPal login information or tax returns)
According to a recent PwC survey, 71% of manufacturers plan to employ IoT technology despite associated cyber risks. That tells us that IoT deployment has taken a steady course and cannot be stopped. It is well known that IoT devices bring more security challenges in terms of defending corporate networks. To keep their networks safe, enterprises must know the risks of deploying these devices and how to mitigate them.
When it comes to IoT device vulnerabilities and how they can be leveraged, Bluetooth is an area that is frequently overlooked. From a security point of view, people tend to see Bluetooth as a harmless technology because of its perceived short range (hackers need to be in proximity to be able to exploit it, and people believe that even if they are, there’s not much they could do). Bluetooth connections are protected with encryption, but hackers continue to find and exploit vulnerabilities. Once a hacker gains access to a Bluetooth-enabled device, they could potentially access data on that device.
BlueBorne is currently one of the biggest threats exploiting Bluetooth security vulnerabilities. It is an entire collection of vulnerabilities (first revealed in 2017) that can allow hackers to take over a device, establish MITM attacks, or infect it with malware. Since security patches have been made available, most up-to-date devices are protected, but there are risks for unpatched Android devices.
More recently, security researchers found more bugs in certain implementations of BLE (Bluetooth Low Energy), potentially exposing about 500 devices to attack, including smart locks, fitness trackers, and a wide range of medical implant tools. These vulnerabilities were collectively named SweynTooth. The flaws exist in certain BLE software development kits that come with microchips that integrate all of a device’s components. To develop new products quickly, IoT manufacturers tend to turn to off-the-shelf SoCs (systems on a chip), allowing flaws to propagate across a range of device types. Once within radio range, an attacker could launch attacks against any targeted device and potentially crash it in an attempt to take the device over.
Importance of Taking Reasonable Precautions
The risks associated with Bluetooth are real, but that doesn’t mean that you should avoid using it. The risk is actually low – hackers need to be within 100m of you (for a Class 1 Bluetooth device) or 10m (for a Class 2 Bluetooth device). Also, hackers need to have a specific goal in mind for your device and be sophisticated enough to perform an attack. However, you shouldn’t overlook taking reasonable precautions.
Don’t connect your device to unknown devices or in the presence of another Bluetooth-enabled device. Disable Bluetooth when not using it, and turn off smart lock features on your PC and phone. Use devices that have authentication for pairing and change the manufacturer’s code to a PIN code that only you know. If you own a device with an older Bluetooth version, be sure to update the firmware. It is the same as with a PC’s operating system – if you use Windows 7 or Windows XP, your device is more likely to get infected.
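The discoverability and "disable when not in use" precautions can be checked mechanically on a Linux host. The following is an added example, not part of the original article: it assumes BlueZ's `bluetoothctl show` output format, runs on a constructed sample rather than a real capture, and the finding names are hypothetical labels.

```python
import re

# Constructed sample of `bluetoothctl show` output; not captured from a real host.
SAMPLE_SHOW = (
    "Controller 00:11:22:33:44:55 (public)\n"
    "\tName: lab-laptop\n"
    "\tPowered: yes\n"
    "\tDiscoverable: yes\n"
    "\tDiscoverableTimeout: 0x00000000\n"
    "\tPairable: yes\n"
    "\tUUID: Audio Sink                (0000110b-0000-1000-8000-00805f9b34fb)\n"
    "\tDiscovering: no\n"
)

def parse_show(text):
    """Return the 'Key: value' properties of the first controller listed."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z]+):\s*(.*)$", line)
        if m:
            props.setdefault(m.group(1), m.group(2).strip())  # UUID repeats; keep first
    return props

def audit(props, in_use=True):
    """Map controller state to (finding, fix) pairs based on the precautions above."""
    findings = []
    on = lambda key: props.get(key, "no") == "yes"
    if not on("Powered"):
        return findings  # radio off: nothing is reachable over Bluetooth
    if not in_use:
        findings.append(("powered-while-unused", "bluetoothctl power off"))
    if on("Discoverable"):
        try:
            timeout = int(props.get("DiscoverableTimeout", "0"), 0)  # hex or decimal
        except ValueError:
            timeout = 0  # unparsable value: assume the worst case
        # In BlueZ a timeout of 0 means the adapter stays discoverable indefinitely.
        kind = "discoverable-permanently" if timeout == 0 else "discoverable-temporarily"
        findings.append((kind, "bluetoothctl discoverable off"))
    if on("Pairable"):
        findings.append(("accepts-new-pairings", "bluetoothctl pairable off"))
    return findings

if __name__ == "__main__":
    for finding, fix in audit(parse_show(SAMPLE_SHOW), in_use=False):
        print(f"{finding}: {fix}")
```

On a real host, pass the text returned by `bluetoothctl show` to `parse_show` instead of the sample.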
Malicious hackers never miss an opportunity to take advantage of system vulnerabilities. So even if you think it unlikely that someone will attack you via Bluetooth, you shouldn’t leave anything to chance. Bluetooth attacks have certain advantages over the usual methods of compromise because they can reach air-gapped systems that have Bluetooth turned on for simple peripherals, such as Bluetooth headsets, keyboards, and others.
Our new Android application, Signals™, will allow users to visually manage Bluetooth connections, locate lost devices, and block foreign unknown devices.