Law Technology Today From the ABA Legal Technology Resource Center
Related Articles
Most of us connect to something via Bluetooth every day, whether it’s our HVAC systems, TVs, smartphones, fitness trackers or even our cars. By 2017, the average consumer will own at least five connected devices, according to Cisco’s 2013 Visual Networking Index, so it’s important to take a look at the security issues associated with Bluetooth now before it’s too late.
When it comes to wireless communication, we have to be careful about what we’re transmitting and who can receive it. Chances are, your devices are more discoverable than you think.
Have you ever noticed when you’re at a coffee shop or in a crowded area and you go to connect your wireless mouse to your laptop, you see a list of other, unfamiliar devices? These devices are “discoverable,” which means you can connect to them – and more importantly, so can hackers. The first step in protecting your information from cyber criminals is to set your devices to “undiscoverable” when you are not using their Bluetooth capabilities. Even better, turn your Bluetooth off completely if you can.
Without the proper protections, a skilled hacker can intercept your devices’ signals and uncover more about you than you think you’re revealing. Risks associated with Bluetooth typically fall under one of four categories: worms and viruses, bluebugging, bluesnarfing and backdoor hacking.
- Worms and viruses: A virus writer often builds malware specifically to attack mobile phones. The malware can spread via Bluetooth – as long as the device is set to “discoverable” – and is often hidden in the form of an app. (Tip: Delete any flashlight apps you’ve downloaded. Researchers found that the top 10 flashlight apps on the Google Play store are spying on users.)
- Bluesnarfing: Bluesnarfing exploits Bluetooth connections to steal information from the targeted device. A hacker wirelessly connects to your phone without your knowledge to access and download your phone’s contacts, calendar, pictures and other information.
- Bluebugging: With bluebugging, a hacker completely takes control of your smartphone using a wireless connection. He will often disguise himself as the device you’re looking to connect to, like your headphones. Once connected, he can access your contacts, place calls as you, listen in on calls, read your messages and emails and even track your location – all without you even knowing. It’s essentially as if they have a remote control for your phone.
- Backdoor hacking: A hacker can create a backdoor to your device, giving him total access to your device. One way he does this is by creating a fake wireless access point (WAP) that looks like the “free wireless” network you intended to connect to (i.e. he can create a fake WAP called “Starbucks Wireless Network” to trick Starbucks customers into sending information over an unsecure network). This is a big reason why to avoid connecting to public Wi-Fi at all costs.
Now that you know the risks, how do you know if your phone or device is secure? We’ll start with the basics. There are four Bluetooth standards that all Bluetooth-enabled devices adhere to: levels one, two, three and four.
- Devices with level one security talk to each other without authentication, which means anyone can intercept your data. So someone could listen in on your call if you’re using Bluetooth-enabled headphones or ear buds with low security.
- Level two is a bit more secure, as it asks for authentication and acknowledgement when you pair devices. The problem is that they pair before they authenticate, leaving a window where hackers can get in.
- With level three, your Bluetooth devices authenticate before they pair, which closes the window left open in level two.
- The most secure level, level four, is similar to level three, but uses a stronger authentication protocol, which leads to a more secure connection.
While it’s hard to know what level your device is using, typically the older the device, the lower the level and the less secure. Even with a level four device, security is always a risk. Here are some additional ways to protect your Bluetooth-enabled devices:
- The best protection against hackers is simply turning Bluetooth off when you’re not using it. When you do have to turn it on, make sure your devices are set to “non discoverable.”
- Wireless headsets and ear buds are particularly vulnerable to exploitation, so I always advise choosing models with signal encryption.
- Manufacturers release patches or updates to address threats and correct weaknesses – make sure to take advantage of these updates by downloading and installing them regularly. They are often available from the manufacturer’s website.
- Maintain physical control of Bluetooth-enabled devices at all times and remove lost or stolen devices from your paired device lists immediately.
From speaker volume to home security systems, we can practically control anything from our smartphones. And our lives are only getting more connected. Keep intruders out by taking the proper protocols in increasing your devices’ security.
