Bluetooth technology is a protocol establishing a local network to exchange data wirelessly between nearby devices. Bluetooth works by wirelessly connecting different devices, such as your phone and your hands-free calling feature in your car. This eliminates the need for a USB cable when you want to exchange data between devices. Bluetooth uses short-wavelength UHF radio waves to establish the connection, making it essentially a radio connection, which operates at frequencies between 2.402 and 2.480 GHz1. Bluetooth technology uses frequency hopping, where the connection jumps between 79 different frequencies within its range to maintain a strong and stable connection.
In order for Bluetooth technology to work, Bluetooth devices must be in close proximity to each other- generally with 30 feet. When you first set up two Bluetooth device to connect for the first time, this action is called “pairing.” Since you must approve each connection, this action is relatively secure. After a pairing has been successfully connected, this connection is usually remembered for future pairings, when the devices are sufficiently close to one another.
Bluetooth is an “open standard”, meaning that anyone is free to use this technology without a license. Due to this, the number of devices with Bluetooth technology is constantly on the rise. With more and more devices offering Bluetooth connectivity, cyberattackers are clean on exploiting vulnerabilities on Bluetooth devices. Some Bluetooth security threats to be aware of:
Bluejacking. In a bluejacking cyberattack, one Bluetooth-enabled device hijacks another and sends the hijacked device spam messages. If the recipient clicks on one of these spam messages, they are often taken to a malicious website where malware can be installed or personal information may be stolen.
Bluesnarfing. In a bluesnarfing cyberattack, similar to a bluejacking cyberattack, one Bluetooth-enabled device hijacks another and sends the hijacked device spam messages. If the recipient clicks on one of these spam messages, the cyberattacker then extracts information from the hijacked device, such as text messages, photos, emails, and the identifying information that your device sends to your ISP.
Bluebugging. Bluebugging cyberattackers establish a covert Bluetooth connection with your phone or laptop and use this connection to gain backdoor access to your device. Once in, cyberattackers can spy, steal sensitive information, or use your device to impersonate you.
The FCC recommends taking the following steps to take for Bluetooth security2:
- Turn of Bluetooth when not in use. Active Bluetooth connections allow cyberattackers to discover what other devices you have connected to previously, to spoof one of those devices, and then can gain access to your device.
- If you connect your mobile device to a rental car via Bluetooth, your phone’s data may be shared with the car. Be sure to unpair your phone from the car and delete and personal data from the car before returning it. Take the same steps when selling a car.
- Use Bluetooth in “hidden” mode rather than “discoverable” mode, to prevent other unknown devices from finding your Bluetooth connection.
1 Marks, 2021, “How Secure is Bluetooth? A Full Guide to Bluetooth Safety”
2 FCC, 2021, “Wireless Connections and Bluetooth Security Tips”