
Is Bluetooth a Cyber Security Liability?

by Mic Johnson

As with any computing development, there will be bugs and gaps in the code that hackers can exploit. The issue with Bluetooth-enabled devices lies less in the standard and more in the sheer magnitude of Bluetooth’s reach.

Bluetooth is everywhere. From cars to speakers to TVs, someone’s phone might connect to a dozen different Bluetooth devices in a single day. Most people never think about Bluetooth connections and leave the setting turned on constantly. Without it, most people would lose a considerable amount of their daily convenience. This ubiquity is the exact reason that Bluetooth has increasingly become the root of many cyber security issues.

A quick history of Bluetooth

Invented in 1994, Bluetooth’s original use was pretty limited. Initially conceived by Dr. Jaap Haartsen at Ericsson, Bluetooth was named after a famous Viking and king who united Norway and Denmark during the 10th century. When it was first invented, the technology was primarily designed to replace RS-232 telecommunication cables using short-range UHF radio waves.

In 1999, the first Bluetooth-enabled device, a headset, was launched to accolades at COMDEX. Since then, Bluetooth has only continued to grow.

Near, far, wherever you are

While Bluetooth was initially designed for short-range communications that required paired devices to be within a specific range of each other, the radio waves that Bluetooth devices use have made them vulnerable to cyber thieves and hackers. Using low-cost equipment, attackers exploit these systems and then leverage the Bluetooth connection to launch attacks, both in close proximity and remotely.

This ability to enact remote attacks has made the security of Bluetooth devices a top concern for a lot of security teams, especially considering some of the Bluetooth vulnerability issues that recently surfaced. Some bugs, like BIAS (Bluetooth Impersonation AttackS), could expose billions of Bluetooth devices to hackers. By allowing cyber thieves to create an authenticated Bluetooth connection between paired devices without needing a key, BIAS attacks permitted the attacker to take over the communication between the devices by masquerading as either device. This gave them access to the targeted device and let them steal or corrupt data.

This hasn’t been the only instance of serious Bluetooth-related security incidents. BlueBorne, KNOB (Key Negotiation of Bluetooth), SweynTooth, and more all have severe implications for the security of Bluetooth-enabled devices—and what device isn’t Bluetooth-enabled these days?

While Bluetooth has been investigated to a degree, not many researchers have taken the time to really dig into it. Because of how involved it is to even read Bluetooth’s standard—let alone start to figure out all its possible implementations—Bluetooth exists in a kind of security standstill. While this has its obvious downsides, this dubious position has provided Bluetooth with a kind of cover. Hackers have often found it easier to develop attacks against other systems rather than take the time to figure out how to go after Bluetooth.

In recent years, this security upgrade freeze has started to thaw. Just as attackers have begun to see Bluetooth as an option for attacks, so have researchers started to focus their efforts on making Bluetooth more secure. High-profile vulnerabilities like BlueBorne and BIAS have pushed researchers to increase the focus on Bluetooth’s configuration and implementation issues. The Bluetooth SIG has started to consider future resources for developers that may help them check their Bluetooth implementations for risks. One of these developments may include the possibility of a security and admin tool that coders would be able to use to check their Bluetooth implementations. The SIG also has plans to increase awareness of existing resources on secure Bluetooth implementation.

What is the Bluetooth SIG?

The Bluetooth Special Interest Group is a standards organization made up of 36,000 companies. They serve to oversee the development of Bluetooth standards and deal with licensing Bluetooth technologies and trademarks to manufacturers. Basically, they serve as the overseers of the world of Bluetooth. Originally, the Bluetooth SIG was run by members that had been effectively seconded from the participating companies. However, since then the Bluetooth SIG has gained its own professional staff–not to mention a whole bunch of new members–and remains a not-for-profit, non-stock corporation.

What will protect us?

As more and more devices become interconnected with Bluetooth, it’s becoming imperative that the cyber security risks that plague Bluetooth be addressed. As the risk for users rises, so do the rewards for hackers. Consider the rise of Bluetooth-enabled home security devices, cameras, and wearables and you’ll start to see the bigger picture. Not to mention Bluetooth-enabled devices being much more commonplace in corporate, government, and industrial environments.

So how do companies and individuals begin to protect themselves from the risks? Researchers have said that more awareness and training for cyber security specialists and more tools and training from the Bluetooth SIG would go a long way towards making the world of Bluetooth safer from attacks. Small businesses can also benefit from talking to professional cyber security companies in Perth about minimizing their risk.

Just turn it off

Barring some major security overhauls, the fastest and easiest way to protect your devices from malicious attacks is to simply turn Bluetooth off when not in use. While it might interfere with some of the convenience of the devices, having Bluetooth turned off on devices when you’re not actively using them minimizes your risk. Called a “candy land” for attackers, uninterrupted Bluetooth access puts you, your devices, and any sensitive information on those devices at risk. Even if you lean on Bluetooth heavily during your workday, you can turn it off after work when you’re home with your family or out with friends. And in reality, how much are you really using Bluetooth every minute of every day?

While you might have to toggle switches back and forth a few times to get things connected again, the benefits far outweigh the risk you take by keeping Bluetooth enabled on all your devices at all times.

With the flaws of Bluetooth being in the standard itself, millions of devices remain at risk. So the easiest thing to do is just turn it off when you’re not using it and save yourself (and your company) a lot of hassle.


1 comment

Joe January 12, 2022 - 10:59 am

Thank you for this.
