In any wireless networking setup, security is a concern. Devices can easily grab radio waves out of the air, so people who send sensitive information over a wireless connection need to take precautions to make sure those signals aren't intercepted.
Bluetooth technology is no different — it's wireless and therefore susceptible to spying and remote access, just like WiFi is susceptible if the network isn't secure. With Bluetooth, though, the automatic nature of the connection, which is a huge benefit in terms of time and effort, can also be a benefit to people looking to send you data without your permission.
Bluetooth offers several security modes, and device manufacturers determine which mode to include in a Bluetooth-enabled gadget. In almost all cases, Bluetooth users can establish "trusted devices" that can exchange data without asking permission. When any other device tries to establish a connection to the user's gadget, the user has to decide whether or not to allow it. Service-level security and device-level security work together to protect Bluetooth devices from unauthorized data transmission.
Security methods include authorization and identification procedures that limit the use of Bluetooth services to the registered user and require that users make a conscious decision to open a file or accept a data transfer. As long as these measures are enabled on the user's phone or other device, unauthorized access is unlikely. A user can also simply switch his Bluetooth mode to "non-discoverable" and avoid connecting with other Bluetooth devices entirely. If a user makes use of the Bluetooth network primarily for syncing devices at home, this might be a good way to avoid any chance of a security breach while in public.
Still, early cell-phone virus writers took advantage of Bluetooth's automated connection process to send out infected files. However, since most phones use a secure Bluetooth connection that requires authorization and authentication before accepting data from an unknown device, the infected file typically doesn't get very far. When the virus arrives in the user's cell phone or smartphone, the user has to agree to open it and then agree to install it. This has, so far, stopped most cell-phone viruses from doing much damage.
Other problems like "bluejacking," "bluebugging" and "car whisperer" have turned up as Bluetooth-specific security issues. Bluejacking involves Bluetooth users sending messages to other Bluetooth users within range. Although sensitive information may not be revealed, unwanted messages may show up on your device. Bluesnarfing is similar to bluejacking, but the messages sent out include code that force the receiving phone to reply, sending back contact information [source: Mobile Resource Group].
Bluebugging allows hackers to remotely access a user's phone and use its features, including placing calls and sending text messages, and the user doesn't realize it's happening. Blueborne requires convincing a device's owner to wake up the device, after which the hacker can control its screen and apps.
Car whisperer takes advantage of car owners' failure to change the manufacturer's PIN on their car's Bluetooth-enabled entertainment system. This allows hackers to send audio to and receive audio from the device. Like a computer security hole, these vulnerabilities are an inevitable result of technological innovation, and device manufacturers are releasing firmware upgrades that address new problems as they arise. Users can also help by changing default device PINs or passwords, and keeping their Bluetooth set to undiscoverable as a default.
For more information on Bluetooth and related topics, including full Bluetooth specifications, check out the links below.
Last editorial update on Nov 8, 2019 06:16:27 pm.