
By Default, Keep the Bluetooth Setting Disabled

Discoverable Bluetooth-enabled devices can provide cyber criminals with an easy vector to exploit the devices and steal data

DQINDIA Online

Bluetooth, a wireless protocol, allows devices in close proximity to exchange data, messages, and voice communication. Bluetooth is a ubiquitous feature, as all devices today, including IoT-driven smart devices, have it. Beyond smart homes, even portable entertainment systems such as those in cars use Bluetooth. And, as the number of smart devices increases exponentially, so does the risk of Bluetooth being used as a vector for attack.


Bluetooth has low security protocols

Using the Bluetooth 5.0 standard, a device can connect with other devices located up to 800 feet away. However, using high-frequency antennas, cyber criminals can extend this range and infiltrate devices. Other hacking tools that are easily available on the internet aggravate the situation. To make matters worse, key security features are missing in Bluetooth protocols.

Although Bluetooth security features include authorization, authentication, and encryption (optional), Bluetooth devices are easily hacked.


Ways Bluetooth-enabled devices are compromised

Some of the common methods cyber criminals use to break Bluetooth security mechanisms are:

Bluejacking: A close cousin of spam and phishing, bluejacking involves sending out business cards and urging recipients to save the card on their devices. Once this is done, the compromised device becomes susceptible to many other forms of social engineering scams to phish out confidential information.


Bluesnarfing: Cyber criminals establish contact with a discoverable device to access data on the device. This includes text messages, emails, calendar, contact list, media files (pictures and videos), and IMEI (international mobile equipment identity) number of the phone. The IMEI numbers, when compromised, can allow cyber criminals to divert all calls and messages to devices that they control. This can form the basis for other sinister crimes such as account takeover and payment fraud.

Bluebugging: Using this method, cyber criminals can remotely control all functions of the attacked device. They can place calls, send messages, read phone books, and edit calendars - all without the user's knowledge.

Bluesmack: Cyber criminals overwhelm a device by sending a barrage of malicious requests. This is called a Bluetooth Denial of Service (BDoS), which prevents the owner from operating the device. The battery also gets drained due to the continuous malicious requests.


Fortunately, in all of the above attack types, if the Bluetooth feature is disabled, the device cannot be attacked. Also, the above attacks require the cyber criminal to be present within 10 meters of the device.

Steps to remain safe

Here are some ways to keep your Bluetooth-enabled device secure.

  • Keep your device in the non-discoverable mode by default. Enable the Bluetooth feature only when you need to pair your device with another. Once it is done, switch it off without fail.
  • Avoid using Bluetooth to transfer sensitive or classified information.
  • Prune the paired device list regularly.
  • Do not authorize random pairing requests.
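On a Linux machine, the first and third steps above can be checked from the command line. The following is an added example, not part of the original article: it parses the text printed by the BlueZ `bluetoothctl` tool and flags settings that contradict the advice. The sample output is constructed, and the `max_paired` threshold and finding names are assumptions made for illustration.

```python
import re
import shutil
import subprocess

# Constructed sample of `bluetoothctl show` output (not captured from a real host).
SAMPLE_SHOW = """\
Controller 00:11:22:33:44:55 (public)
\tName: laptop
\tPowered: yes
\tDiscoverable: yes
\tDiscoverableTimeout: 0x00000000
\tPairable: yes
"""
# Constructed sample of the paired-device listing.
SAMPLE_PAIRED = """\
Device AA:BB:CC:00:00:01 Car Audio
Device AA:BB:CC:00:00:02 Headset
Device AA:BB:CC:00:00:03 Unknown-7F
"""
MAC = r"(?:[0-9A-F]{2}:){5}[0-9A-F]{2}"

def audit(show_text, paired_text, max_paired=2):
    """Return findings that contradict the steps listed above."""
    # Adapter properties are printed as indented "Key: value" lines.
    props = dict(re.findall(r"^[ \t]*(\w+):[ \t]*(\S+)", show_text, re.M))
    findings = []
    if props.get("Discoverable") == "yes":
        findings.append("discoverable")
        # A timeout of 0 means the adapter never leaves discoverable mode.
        if int(props.get("DiscoverableTimeout", "0x1"), 16) == 0:
            findings.append("discoverable-no-timeout")
    if props.get("Powered") == "yes":
        findings.append("powered-on")  # expected only while a pairing is in use
    paired = re.findall(rf"^Device ({MAC}) (.+)$", paired_text, re.M)
    if len(paired) > max_paired:  # hypothetical threshold: time to prune the list
        findings.append(f"paired-list:{len(paired)}")
    return findings

if __name__ == "__main__":
    if shutil.which("bluetoothctl"):
        run = lambda *a: subprocess.run(a, capture_output=True, text=True).stdout
        show = run("bluetoothctl", "show")
        # Older BlueZ releases use `bluetoothctl paired-devices` instead.
        paired = run("bluetoothctl", "devices", "Paired")
    else:
        show, paired = SAMPLE_SHOW, SAMPLE_PAIRED  # fall back to the samples
    for finding in audit(show, paired):
        print("FINDING:", finding)
```
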

The article has been written by Neetu Katyal, Content and Marketing Consultant

She can be reached on LinkedIn.
