After reading this tutorial, you’ll be aware of the dangers around your bluetooth devices, and you will learn about bluetooth vulnerabilities and attack methods. Of course, the article focuses on the protective measures that you can take to secure your devices.
This content is written for both regular bluetooth device users and readers with IT security knowledge who are looking for deeper information on bluetooth security risks.
Note: This article was initially written in 2021 and updated in 2022.
About Bluetooth Security Risks
There are a variety of attack types which can be launched against bluetooth devices.
Attackers can capture the traffic between two devices and steal the data they share. This data can be used for mobile spying or, for example, to steal authentication data from a bluetooth authentication device. This type of attack, called BlueSnarfing, is especially dangerous when the traffic isn’t encrypted.
Other types of attacks can drain your battery, disable your Bluetooth device, or insert information such as contacts into the victim’s mobile.
All these attack types are explained in detail later in this document.
The most common and safest prevention measure is to keep the bluetooth service disabled when it is not needed. When bluetooth is enabled, an attacker only needs to get close to potential victims and run a vulnerability scan to discover vulnerable devices or traffic.
One of the most popular tools that attackers use to find insecure traffic or devices to attack is BlueDiving, which, in addition to its vulnerability discovery functions, includes exploit code and programs to run the attacks. In other words, an attacker only needs to be within 10 meters of you to hack you.
The only way for potential victims to avoid being scanned is to keep the bluetooth service turned off. This is actually the only safety measure that can guarantee security.
While many experts recommend additional tips, such as verifying the pairing devices to make sure they are the ones the user actually wants to connect to, regular users cannot tell whether the traffic between the two devices is being sniffed (spied on).
If the user must enable the bluetooth service, the second important security measure is to make sure that the connection takes place in a solitary environment, with no people nearby, since attackers need to be relatively close to proceed. Only if you are a high-value target should you worry about long-distance bluetooth attacks (called Bluesniping), which are launched with special hardware and are not common at all.
Bluetooth Attack Types
Users must be aware of the characteristics of each attack to understand the real danger they are exposed to, and to be persuaded to avoid using this feature, which is present in almost all modern devices.
BlueSmacking: This type of attack is almost harmless, and consists of disabling the bluetooth service on the victim’s mobile by sending a large number of oversized packets to overload the service. In IT security, this type of attack is widely known as DoS (Denial of Service). When it is launched specifically against a bluetooth device, it is called BlueSmacking.
As a consequence, the victim suffers no data leak or privacy violation; only the bluetooth service stops working. This attack may also drain the battery.
Bluebugging: This is one of the most harmful attacks, granting the attacker full control over the victim’s device. Through this attack, the hacker can control calls and messages and fetch contacts and other information.
BlueJacking: Although this behavior is considered an attack and named BlueJacking, it only consists of using a bluetooth feature that allows sending unsolicited messages and media. Recently, the news reported that a Southwest Airlines pilot almost canceled a flight because a passenger was sending nudes to other travelers using the AirDrop application included in iPhone devices, which lets users share messages and media. The passenger did not use any hacking tools or special knowledge to send the messages.
BlueSnarfing: This is a dangerous attack that allows the hacker to gather data from the compromised device. It does not provide control over the device, but it leaks the device’s information. Together with Bluebugging, it is one of the worst attacks.
Bluesniping: This attack is uncommon. It is a long-range version of the previously mentioned BlueSnarfing attack. It is executed with special hardware consisting of an antenna that increases the bluetooth range.
KNOB: The Key Negotiation of Bluetooth attack is newer than the ones listed previously. It consists of manipulating the key negotiation and brute-forcing the encryption keys. By carrying out this attack, a hacker can interfere with the bluetooth communications of paired devices.
Preventing Bluetooth Security Risks
As stated previously, the best way to protect yourself against bluetooth attacks is to disable bluetooth when it is not needed.
Try not to use bluetooth devices, which can become entry points for attackers to break into your device, send unwanted data, or spy on the traffic.
Users who really need to use bluetooth must take into account the security options included in this technology.
There are five basic security measures for standard bluetooth devices:
- Authentication: Verifies the identity of devices (pairing).
- Authorization: Ensures that the authenticated (paired) device is allowed to access the requested resource.
- Confidentiality: Ensures that only the authorized devices can access the data.
- Bonding: Stores the key used with a trusted paired device.
- Packet integrity: Verifies that the packet or message was not altered.
These five basic security measures are covered by the standard security levels (except for level 1, which includes no protective measure at all).
The six security levels containing the previously listed defensive measures are:
Note: Levels 5 and 6 below are really a different security mode rather than additional security levels, but this distinction is not needed to understand the point and may even confuse the reader.
- Level 1: This level does not include protective measures. This is the least safe level.
- Level 2: This level allows communication with unpaired devices, but includes encryption.
- Level 3: Level 3 requires pairing (authentication) and includes encryption.
- Level 4: Enhanced security with encryption that requires pairing (authentication).
- Level 5: Unauthenticated (unpaired) devices with data signing.
- Level 6: Authenticated (paired) devices with data signing.
Levels 4, 5 and 6 are supported only in newer bluetooth devices. Many of the improvements are exclusive to bluetooth 4.2. They are not relevant to users without the latest bluetooth versions.
Even if the user’s device has the latest bluetooth version, the second device probably doesn’t.
Old bluetooth versions can get known vulnerabilities fixed by keeping the operating system updated. Updates include patches for reported security holes.
The following bluetooth security hardening checklist summarizes the recommended security measures:
- Always keep the bluetooth service turned off when not in use.
- If possible, avoid using bluetooth near other people.
- Keep your operating system updated, including security patches.
- Prefer devices with the latest bluetooth version.
- Set the devices to low power consumption, decreasing the transmission range.
- By default, bluetooth devices must be configured as undiscoverable.
- Refuse connections from unknown devices.
- Avoid unauthenticated connections.
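To turn the checklist above, together with the KNOB mitigation of refusing short encryption keys, into something a Linux user can actually verify, here is an added example audit script. It is not part of the original article or of BlueZ itself. It parses a constructed sample of `bluetoothctl show` output and a constructed `/etc/bluetooth/main.conf`, and reports each checklist item that fails; the main.conf key names (`DiscoverableTimeout`, `PairableTimeout`, `JustWorksRepairing`, `MinEncKeySize`) are BlueZ keys assumed to exist in your installed version, and the minimum key length of 7 octets is the floor the Bluetooth SIG recommended after KNOB. On a real host, replace the samples with the output of `bluetoothctl show` and the contents of your main.conf.

```python
import configparser
import re

# Constructed sample of `bluetoothctl show` for a loosely configured adapter.
WEAK_SHOW = """Controller AA:BB:CC:DD:EE:FF (public)
\tName: example-laptop
\tPowered: yes
\tDiscoverable: yes
\tPairable: yes
"""

# Constructed sample of /etc/bluetooth/main.conf with weak settings.
# Key names are BlueZ main.conf keys (assumed to exist in your version).
WEAK_MAIN_CONF = """[General]
DiscoverableTimeout = 0
PairableTimeout = 0
JustWorksRepairing = always
MinEncKeySize = 0
"""

# The same two artefacts after applying the checklist (constructed).
HARDENED_SHOW = """Controller AA:BB:CC:DD:EE:FF (public)
\tName: example-laptop
\tPowered: no
\tDiscoverable: no
\tPairable: no
"""

HARDENED_MAIN_CONF = """[General]
DiscoverableTimeout = 30
PairableTimeout = 30
JustWorksRepairing = never
MinEncKeySize = 7
"""

# Bluetooth SIG recommended floor for the negotiated key length after KNOB.
MIN_KEY_OCTETS = 7


def parse_show(text):
    """Turn 'Key: value' lines from `bluetoothctl show` into a dict."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z]+):\s*(.+?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def parse_main_conf(text):
    """Return the [General] section of a main.conf (empty if absent)."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp["General"] if cp.has_section("General") else {}


def audit(show_text, conf_text):
    """Return (setting, problem) pairs for each checklist item that fails.

    Keys missing from main.conf are not flagged: BlueZ then uses its
    compiled-in default, which has to be checked separately."""
    props = parse_show(show_text)
    conf = parse_main_conf(conf_text)
    findings = []
    if props.get("Powered") == "yes":
        findings.append(("Powered", "adapter is on; power it off when bluetooth is not in use"))
    if props.get("Discoverable") == "yes":
        findings.append(("Discoverable", "adapter answers scans; it should be undiscoverable by default"))
    if props.get("Pairable") == "yes":
        findings.append(("Pairable", "adapter accepts new pairing requests; enable only while pairing"))
    if conf.get("DiscoverableTimeout") == "0":
        findings.append(("DiscoverableTimeout", "0 keeps the adapter discoverable indefinitely once enabled"))
    if conf.get("PairableTimeout") == "0":
        findings.append(("PairableTimeout", "0 keeps the adapter pairable indefinitely once enabled"))
    if conf.get("JustWorksRepairing", "never").lower() == "always":
        findings.append(("JustWorksRepairing", "re-pairing a bonded Just Works device proceeds without confirmation"))
    key_size = conf.get("MinEncKeySize")
    if key_size is not None and int(key_size) < MIN_KEY_OCTETS:
        findings.append(("MinEncKeySize", f"{key_size} < {MIN_KEY_OCTETS}: short keys are exactly what KNOB forces"))
    return findings


def report(show_text, conf_text):
    """Human-readable summary of audit() for one host."""
    findings = audit(show_text, conf_text)
    if not findings:
        return "OK: all checklist items pass"
    return "\n".join(f"FAIL {name}: {why}" for name, why in findings)


if __name__ == "__main__":
    for label, show, conf in (("weak", WEAK_SHOW, WEAK_MAIN_CONF),
                              ("hardened", HARDENED_SHOW, HARDENED_MAIN_CONF)):
        print(f"== {label} configuration ==")
        print(report(show, conf))
```

Run as-is it prints seven failures for the weak samples and "OK" for the hardened ones. The `Powered: yes` finding is deliberately noisy: it matches the first item of the checklist, so the report always reminds you that the adapter is on rather than silently assuming you need it.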
Conclusion
As you can see, bluetooth is not the safest transmission method. Vulnerabilities are periodically discovered, and solid security measures were incorporated only in the latest bluetooth versions. Despite this, any user can take safety measures without IT security knowledge by following a few recommendations like the ones we listed. I also recommend that Linux users try the bluetooth pentesting tool mentioned above (BlueDiving) to test their devices’ security. This tool is included in Kali Linux by default.
Thank you for reading this tutorial on bluetooth security risks. Keep following us for more IT security content.