Using Bluetooth Securely
Bluetooth is a wireless technology that allows devices to connect and exchange information. Bluetooth has a number of benefits, such as easy file sharing, convenient data synchronization and hands-free communication. However, as a wireless networking technology, Bluetooth also carries a number of security threats that you need to be aware of. This article looks at some known Bluetooth threats and outlines measures for using Bluetooth securely.
Known Bluetooth Threats
Attacks against insecure Bluetooth devices can result in unauthorized access to sensitive company and personal information, and enable unauthorized use of compromised devices to gain access to the other systems and devices that they are connected to. Bluetooth enabled devices are susceptible to many security threats and some of these are listed below.
Bluejacking, also known as Bluespamming, sends anonymous text messages or business cards to other Bluetooth devices within range of the attacker.
Bluesnarfing allows a malicious attacker to access and copy information stored on a Bluetooth enabled device without the knowledge of the device owner.
Bluebugging allows attackers to take full control of a device and access mobile phone commands via Bluetooth, allowing phone calls to be made, text messages to be sent and access to the data stored on the device.
Bluesniping involves the use of a directional antenna (or aerial) to connect with and access the data on Bluetooth devices that are over half a mile away.
Interception involves the use of a special Bluetooth device to interrupt communication between paired devices, request a re-pairing, then intercept the re-pairing PIN to gain access to a device.
Denial of Service (DoS) attacks send a flood of response requests to a specific Bluetooth device, rendering the device inoperable and draining the device battery life.
This is by no means a complete list. Bluetooth devices are also susceptible to many other attacks, including eavesdropping on phone call conversations and malware infections.
Using Bluetooth Securely
The following measures will help to ensure you use Bluetooth securely and help prevent your devices from becoming a target for attack.
Protect Your Device
- Install mobile security software on your Bluetooth device, such as antivirus, firewall, anti-spam and device encryption, and ensure all installed software has the latest security updates.
- This will help prevent, or reduce the impact of, known Bluetooth attacks and ensure that information stored on the device remains protected.
Turn Bluetooth Off
- Turn off the Bluetooth functionality when not in use.
- This will limit your exposure to potential attacks to only the periods when you are actively using Bluetooth.
- Ensure the Bluetooth device is configured to be ‘undiscoverable’, ‘hidden’ or ‘invisible’.
- This will prevent the device from publicly broadcasting its Bluetooth device name or identifier for others to see and target for attack.
Change the Device Name
- Change the default name of the Bluetooth device to something anonymous and without meaning.
- By default, the name of the device usually identifies the model and type of device (e.g. Blackberry 8830), which could make it a target of attack.
Verify Transmissions Before Accepting
- Do not simply ‘accept’ transmissions such as messages, files and images from unknown or untrusted devices.
- These transmissions could contain malicious code that allows your device to be taken over, or allows the data stored on your device to be compromised.
Use Strong PINs
- Where possible, always use a strong PIN when pairing devices and change the default PIN on the device to something more secure.
- PINs should be random and at least 8 characters (where technically possible) to prevent guessing by malicious individuals.
Pair in Private
- Only pair/connect two devices together in a secure, private location indoors.
- This will help prevent attackers from listening in and obtaining your PIN, or intercepting pairing messages.
No Unknown Pairings
- Never pair/connect with unknown or untrusted devices and do not respond to messages requesting your PIN, unless you are certain the request is from a trusted device.
- This will ensure that your device is only paired with known and trusted devices.
Maintain your Pairings
- Remove all pairings for devices that have been lost or stolen and regularly check to ensure devices are only paired with current and known devices.
- This will prevent attackers from using a lost or stolen device to access the other Bluetooth devices that it was paired with. It will also ensure your device pairings stay current and you are made aware of any unauthorised pairings.
- Ensure sensitive information transmissions over Bluetooth, such as connections to company networks, are encrypted.
- This will ensure that the transmitted information is protected and unreadable to unauthorized individuals.
- If your device is behaving strangely and you suspect that someone may be attacking your device, simply walk away or turn off the Bluetooth function.
- Be alert when openly using Bluetooth in public, looking out for any suspicious activity, as your device could be a target.
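The measures above on discoverability, device names, PINs and pairing maintenance can be checked mechanically. The following is an added example, not part of the original article: a small Python audit over a constructed device record. The record layout, the name keywords, the 90-day idle limit and all addresses are assumptions made for illustration.

```python
import re
from datetime import date

# Assumption: keywords that reveal make/model in a device name; extend as needed.
DEFAULT_NAME = re.compile(r"blackberry|iphone|galaxy|nokia|headset", re.I)

def pin_is_weak(pin):
    """Weak if shorter than 8 characters or an obviously guessable pattern."""
    if len(pin) < 8 or len(set(pin)) <= 2:       # e.g. 0000, 00000000, 12121212
        return True
    steps = {ord(b) - ord(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})                   # e.g. 12345678, 87654321

def audit(device, approved, today, max_idle_days=90):
    """Return findings for one device record (the idle limit is an assumption)."""
    findings = []
    if device["discoverable"]:
        findings.append("discoverable")
    if DEFAULT_NAME.search(device["name"]):
        findings.append("default-name")
    if pin_is_weak(device["pin"]):
        findings.append("weak-pin")
    for addr, last_seen in device["pairings"].items():
        if addr not in approved:                  # never approved: remove it
            findings.append(f"unknown-pairing:{addr}")
        elif (today - last_seen).days > max_idle_days:
            findings.append(f"stale-pairing:{addr}")
    return findings

# Constructed sample data: names, addresses, dates and PINs are made up.
TODAY = date(2024, 6, 1)
APPROVED = {"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"}
PHONE = {
    "name": "Blackberry 8830", "discoverable": True, "pin": "0000",
    "pairings": {
        "AA:BB:CC:00:00:01": date(2024, 5, 20),   # known and recently used
        "AA:BB:CC:00:00:02": date(2023, 11, 1),   # known but long unused
        "AA:BB:CC:00:00:99": date(2024, 5, 30),   # not on the approved list
    },
}
HARDENED = {
    "name": "kestrel", "discoverable": False, "pin": "83k2q9xz",
    "pairings": {"AA:BB:CC:00:00:01": date(2024, 5, 20)},
}

if __name__ == "__main__":
    for finding in audit(PHONE, APPROVED, TODAY):
        print(finding)
```

Each finding maps to one of the measures listed above, so a non-empty result tells you which setting to change or which pairing to remove.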