Bluetooth is a convenient wireless technology that comes with all modern laptops, phones, and tablet devices. It allows you to easily pair and connect devices, collect health data from wearables like smartwatches, play audio wirelessly, and more. Since this technology is so widely available, users are also worried about its vulnerability and wonder if Bluetooth devices can be hacked.
Unfortunately, the answer is yes. While it brings you a lot of convenience and comfort and is less vulnerable than other wireless connection technologies like WiFi, Bluetooth can still expose you to alarming privacy and security leaks if you don’t protect yourself.
While the security risks are alarming, protecting yourself against such risks is also surprisingly easy. To understand those measures, it’s important to know how hackers can connect to your device via Bluetooth and access your data or send you malicious files.
How does Bluetooth hacking work?
Hackers use specialized code or software to detect nearby Bluetooth devices and connect to those that are vulnerable.
By default, your phone, laptop, and other such devices are programmed to treat previously connected Bluetooth networks as trusted and will automatically connect to them in the future. Hackers can also access the list of trusted networks recognized by your device and replicate them to connect and control your device.
Once they have access to your device, they can monitor texts, calls, and the ever-increasing digital footprint you leave behind. They can also bombard your phone with malware, ransomware, and other malicious programs to corrupt your data, extort you and even hold your data hostage for monetary gains.
When it comes to Bluetooth hacking, there are several methods. However, Bluejacking, Bluesnarfing, and Bluebugging are the most popular.
What is Bluejacking?
Bluejacking is the method where hackers can send you messages, clips, and other types of files without your permission. Unlike WiFi that uses a large band of frequencies, Bluetooth uses short-range radio frequencies to establish a connection between two devices or more. This allows your phone or laptop to hop frequencies dynamically for a stable and strong connection.
This short frequency band also reduces its physical range. Most Bluetooth devices can maintain a stable and strong connection within 30 feet. The range may get reduced due to obstructions. However, there have been improvements with Bluetooth 5.0 that have increased the range of devices that are equipped with that Bluetooth standard.
To hack your device, a Bluejacker needs to enter that range and be close to your Bluetooth-enabled device. Once within range, the Bluejacker will scan nearby devices. Since there are numerous Bluetooth devices in any public location, the Bluejacker is going to have a hard time recognizing your device. That’s why they would connect to devices from the list of discovered devices and send a message. It may be something like “I’m watching you”. An innocent user would show visible confusion upon receiving the message, and that cue lets the Bluejacker identify you.
During its infancy and before Bluetooth was a widely available technology, devices used to show up as a string of numbers and characters. However, modern phones and laptops have their model names as the default Bluetooth name and it shows up on the Bluetooth scan. If you have the only iPhone 12 or the only Galaxy Z Flip in the cafe, the hacker would have an easier time identifying your device. They can then send you images, texts, and even spyware to monitor your device.
The Bluejacking method involves sending data and files to the victim’s phone. However, a Bluejacker can’t access your data or steal anything from your phone or laptop via Bluetooth. Since the hacker doesn’t infringe on your territory or steal anything, it isn’t illegal. Bluejacking started as harmless pranksters playing around with new technology. There were numerous forums like BluejackQ that were very popular, with how-to guides on Bluejacking and a code of ethics.
However, if someone wants, they can spread confusion with Bluejacking and also manipulate the victim with well-crafted messages. They can also send spyware, ransomware, and other such infected files to monitor or get access to the victim’s device.
Steps to Bluejacking
- The Bluejacker creates a new contact on their phone.
- Instead of saving a name, the Bluejacker saves a targeted message in its place and doesn’t save a number.
- He scans for nearby Bluetooth devices and then shares the contact with a connected Bluetooth device.
- When the victim receives the message, they have no way of figuring out who sent the message.
What is Bluesnarfing?
Unlike Bluejacking, Bluesnarfing is a complicated method of hacking Bluetooth devices and requires some technical knowledge and expertise. Bluesnarfing allows a hacker to steal a user’s data. It may include sensitive emails, texts, calendar schedules, and even contact books. While it’s extremely difficult to figure out the source of a Bluejacking attack, the user becomes aware if they have been Bluejacked. On the other hand, if a hacker steals your data using Bluesnarfing it may go undiscovered indefinitely. Unlike Bluejacking, Bluesnarfing is illegal.
How does Bluesnarfing work?
Bluetooth uses the OBEX (Object Exchange) protocol to transfer information between wireless devices. The OBEX protocol was initially developed for infrared. However, it was later adopted for Bluetooth and other wireless file transfer technologies. Bluetooth uses the OBEX Push Profile, which facilitates the smooth exchange of contacts, business cards, and other such information at the cost of security. The OBEX Push Profile doesn’t require any authentication, and hackers use that vulnerability.
When a hacker performs a Bluesnarfing attack, they connect to an OBEX Push target and perform requests for known filenames. These filenames are specified under the IrMC standard for wireless data transfer. For instance:
- telecom/cal.vcs – for device calendar
- telecom/pb.vcf – for device phone book
Once a Bluesnarf hacker compromises the OBEX protocol, they can pair their system with the victim’s device. If there are any security gaps or vulnerabilities in your phone or laptop, the hacker can gain easy access to your data by guessing the names of commonly known files. Bluesnarfing attacks are usually performed to extract the IMEI (International Mobile Equipment Identity) number of your phone. Hackers can use this number to divert messages and calls to their own devices.
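On the defensive side, the pattern described above can be detected by parsing OBEX requests and flagging GET operations that name the IrMC objects listed. This is an added example, not code from the original article: the function names, the `peer_paired` flag used to grade severity, and the sample packets are assumptions constructed for illustration, and the request bytes are assumed to be already reassembled from a Bluetooth capture.

```python
import struct

IRMC_OBJECTS = {"telecom/pb.vcf": "phone book", "telecom/cal.vcs": "calendar"}
OBEX_GET = 0x03                     # sent as 0x83 when the Final bit is set
HDR_NAME = 0x01                     # Name header: null-terminated UTF-16BE text
FIXED_PREFIX = {0x80: 7, 0x85: 5}   # CONNECT and SETPATH carry extra fixed fields


def parse_obex_request(pkt):
    """Return (opcode without the Final bit, Name header or None)."""
    if len(pkt) < 3:
        raise ValueError("truncated OBEX packet")
    opcode, total = struct.unpack(">BH", pkt[:3])
    if total != len(pkt):
        raise ValueError("length field does not match packet size")
    name, pos = None, FIXED_PREFIX.get(opcode, 3)
    while pos < total:
        hid, kind = pkt[pos], pkt[pos] >> 6      # top two bits select the encoding
        if kind >= 2:                            # 1-byte or 4-byte quantity
            pos += 2 if kind == 2 else 5
            continue
        hlen = int.from_bytes(pkt[pos + 1:pos + 3], "big")  # includes 3-byte prefix
        if hlen < 3 or pos + hlen > total:
            raise ValueError("bad header length")
        if hid == HDR_NAME:
            name = pkt[pos + 3:pos + hlen].decode("utf-16-be").rstrip("\x00")
        pos += hlen
    return opcode & 0x7F, name


def flag_irmc_pull(pkt, peer_paired):
    """Return an alert string when a GET names an IrMC object, else None."""
    opcode, name = parse_obex_request(pkt)
    label = IRMC_OBJECTS.get((name or "").lower().lstrip("/"))
    if opcode != OBEX_GET or label is None:
        return None
    return f"{'info' if peer_paired else 'high'}: GET {name} ({label})"


def sample_request(opcode, name):
    """Constructed test packet: opcode, total length, one Name header."""
    body = name.encode("utf-16-be") + b"\x00\x00"
    header = struct.pack(">BH", HDR_NAME, 3 + len(body)) + body
    return struct.pack(">BH", opcode, 3 + len(header)) + header


if __name__ == "__main__":
    print(flag_irmc_pull(sample_request(0x83, "telecom/pb.vcf"), peer_paired=False))
    print(flag_irmc_pull(sample_request(0x82, "card.vcf"), peer_paired=False))
```

A PUT of a business card, the legitimate use of the push service, produces no alert; only a GET naming an IrMC object does.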
Bluesnarfing Attack Orders
Like all things illegal, Bluesnarfing has a place in the Dark Web. Apart from tutorials, you also get specialized software like Bluepot and Bluesnarfer. You can use it with special penetration testing Linux distros like Kali Linux and BlackArch Linux.
Most of such tools are designed by “white hat” ethical hackers to figure out system vulnerabilities and sort them out to increase security. However, “black hat” hackers can use them illegally to hack into your phone or computer and steal your data. Among them, Bluediving is one of the most popular and mainstream tools.
Once a hacker exploits OBEX vulnerabilities, they can use their programming skills to compile an attack tool themselves. There are also “black hat” hackers for hire on Dark Web platforms like Silk Road. You can hire their services for the right amount and Bluesnarf your target’s device.
What is Bluebugging?
Bluebugging is probably the most dangerous form of Bluetooth attack since it targets and connects to discoverable Bluetooth devices and takes full control. The hacker can send messages, access the data on the device, and can even listen in on phone calls. As the name suggests, hackers bug your device. Unlike bugging landline phones in spy movies, there is no need to get physical access to your device to execute the attack.
Unlike other hacking methods, Bluebugging differs across devices and platforms since they all have different vulnerabilities. Once a hacker connects to your device via Bluetooth, they install a backdoor or malware to bypass authentication and gain access to your device. This malware is designed to exploit vulnerabilities in the device. Unsophisticated hackers use Brute Force and try thousands or millions of username and password combinations each second to gain access to the device or services on it. Once they get access, hackers can do what you can on your device.
Unlike Bluejacking, which lingers in the harmless pranking territory, Bluebugging is highly sophisticated and allows full access of your phone or laptop to the hacker. It goes beyond Bluesnarfing since the hacker aims to do a lot more damage than just stealing your private data.
What is BlueSniping?
Attackers have numerous ways of hacking into your device via Bluetooth. However, the short range of Bluetooth also poses a great risk to the hacker, since it forces them to stay close to the target to execute the attack. There are, however, certain ways in which a hacker can execute a Bluetooth attack from a long distance. One of them is BlueSniping.
BlueSniping is a technique where hackers can increase the range of Bluetooth by a mile and connect to your device from a safe location to steal sensitive information. Hence the name, Sniping.
In this type of attack, attackers use a special “rifle” with a directional antenna and a Bluetooth module to increase the range of Bluetooth in a specific direction. They connect that device with a PC and then execute a Bluesnarfing attack.
What is BlueBorne?
A few years ago, Armis Labs detected a new Bluetooth attack vector – BlueBorne. It can affect billions of devices across multiple platforms including Android, iOS, Windows, and Linux. Unlike traditional Bluetooth attacks, the hacker doesn’t need to pair with your device or leverage the internet after doing so. As long as your phone’s Bluetooth is turned on, a hacker can connect to the device, take control of your device, and spread malware. As with Bluesnarfing, a user may remain unaware indefinitely that their device has been a target of BlueBorne.
To execute a BlueBorne attack, the hacker needs to load up a device with the BlueBorne utility and leave the infected device in a secured location. For instance, if the infected device is left at a secure location like a bank, the infected device can connect to other devices in the area via Bluetooth and infect them as well: anything from smartphones and laptops to wearables like smartwatches and smart bands. This kind of attack can infect the customers and workers of the bank if their device Bluetooth is turned on, and even the IT system of the bank.
Since BlueBorne can connect and infect numerous devices, the carriers of the infected device spread the chain and infect thousands or millions of devices in a day. This allows the hacker to spread malware and nefarious ransomware to the infected devices and allows them access to critical systems of businesses. It’s a form of Bluesnarfing attack.
Armis Labs contacted Google, Microsoft, and Linux to share their findings and the companies have delivered security patches to their devices. However, it shows how new generation Bluetooth attacks are getting more sophisticated and demand more caution.
What are some recent Bluetooth hacks?
BlueBorne wasn’t the only Bluetooth attack in recent times. In 2019, the 360 Alpha Lab team discovered BlueWave that compromised macOS devices. Similar to BlueBorne, the attack compromised macOS devices and spread like a wave to other paired macOS devices in the vicinity. Just like BlueBorne, BlueWave is a “zero-click” vulnerability that allows the hacker to successfully attack a device from a distance without any action from the device user.
BlueFrag is another recent Bluetooth attack discovered by ERNW, a German tech company. It affects Android devices where hackers can use a vulnerability in Bluetooth daemon privileges on your device to execute code without detection, spread a virus or worm, and steal personal data.
Both Apple and Google have released security patches to secure the devices under their umbrella.
How to protect yourself from Bluetooth hacking
Fortunately, protecting yourself against Bluetooth attacks is relatively easy when compared to other hacking attacks. Here’s what you can do:
- Security Updates – Make sure that you download the latest patches for your device and keep them updated regularly. For instance, since BlueBorne, Apple, Windows, Google, and Linux released security patches for their devices to protect their users. If you downloaded the patch as soon as it was available, you could protect yourself very quickly.
- Use the latest Bluetooth version – Similar to software updates, it’s also best practice to be on the latest hardware and Bluetooth standard. When you buy your next phone, computer, smartwatch, or smart home device, make sure that it has the latest Bluetooth standard and hardware. For instance, encryption has been mandatory since Bluetooth version 2.1 and Bluetooth tracking was completely disabled with Bluetooth version 4.0. Bluetooth version 5.0 also offers enhanced security apart from increased range and bandwidth.
- Turn off Bluetooth when not necessary – Bluetooth devices can automatically find each other. However, this convenience also exposes your device to security threats. That’s why you should keep Bluetooth turned on only when you need it. For instance, turn off Bluetooth after using your headphones or wearables or transferring files between devices. You can also use apps like IFTTT (If This Then That) to automatically turn off Bluetooth when it’s disconnected from a device or when it is turned on without a connection for more than a minute. Follow the same protocol and “unpair” devices that you won’t connect to soon.
- Secure your connection – Secure your Bluetooth device to avoid being hacked. Go to your Bluetooth settings and keep your device undiscoverable when you aren’t pairing or connecting a new device. This keeps your device invisible to hackers. Moreover, you can also change your Bluetooth settings to only connect with trusted devices you add. This prevents unknown devices from establishing connections.
- Don’t share sensitive information over Bluetooth – By now it must be clear that this technology has numerous vulnerabilities and a lot of them are still undiscovered. That’s why it’s best to avoid sharing sensitive information like passwords, business or banking information, and private photos via Bluetooth.
- Avoid pairing in a crowded location – As mentioned before, Bluetooth is a short-range wireless connection technology and that’s why most hackers would carry out their attacks in crowded places. It’s best to avoid pairing with another device when you’re in a crowded place.
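On a Linux machine, several items on this checklist can be verified from the adapter state that BlueZ reports. The following added example (not part of the original article) audits the output of `bluetoothctl show` for discoverability, pairability, and an alias that reveals the device model; the sample output, the `MODEL_HINTS` list, and the function names are assumptions constructed for illustration.

```python
import subprocess

# Constructed sample of `bluetoothctl show` output (not captured from a real host).
SAMPLE_SHOW = """\
Controller 00:11:22:33:44:55 (public)
\tAlias: Galaxy Z Flip
\tPowered: yes
\tDiscoverable: yes
\tDiscoverableTimeout: 0x00000000
\tPairable: yes
"""
# Assumed list of model-name fragments that make a device easy to single out.
MODEL_HINTS = ("iphone", "galaxy", "pixel", "macbook", "thinkpad")


def parse_show(text):
    """Map the indented 'Key: value' lines of the first controller to a dict."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if line[:1].isspace() and sep:
            props.setdefault(key.strip(), value.strip())
    return props


def audit(text):
    """Return findings for the exposure points the checklist above covers."""
    p, findings = parse_show(text), []
    if p.get("Powered") != "yes":
        return findings                      # radio off: nothing is exposed
    if p.get("Discoverable") == "yes":
        timeout = int(p.get("DiscoverableTimeout", "0"), 0)   # hex or decimal
        findings.append("discoverable with no timeout" if timeout == 0
                        else f"discoverable for {timeout}s")
    if p.get("Pairable") == "yes":
        findings.append("pairable: accepts new pairing requests")
    alias = p.get("Alias", "")
    if any(hint in alias.lower() for hint in MODEL_HINTS):
        findings.append(f"alias '{alias}' reveals the device model")
    return findings


def live_show():
    """Read the local adapter state; assumes BlueZ's bluetoothctl is installed."""
    return subprocess.run(["bluetoothctl", "show"], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SHOW)))
```

Passing `live_show()` to `audit()` checks the real adapter instead of the constructed sample.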
Protecting yourself from Bluetooth hackers is easy as long as you follow the above-mentioned security steps. However, if you want to protect your privacy, you also need to beware of tech companies that provide services on your device. Even when you turn off Bluetooth on your device, your phone still recognizes Bluetooth signals near your device. That means app makers have another way of detecting your location. Unlike GPS, Bluetooth is a short-range and very accurate tracking signal.
App makers can use the data to accurately track your home, work, favorite restaurants, and other locations. They combine this data with other forms of digital footprint to know a lot more about your life than you do. That’s why you should read privacy statements carefully before you hit the “Accept” button and turn off location tracking permissions for those apps.