As technology becomes an ever larger part of our lives, we are constantly connected, communicating across multiple platforms and using ever more resources to do so. Amid the global epidemic of cybercrime and the many threat vectors associated with it, one aspect that tends to be overlooked is Bluetooth.
Bluetooth is a key component of wireless communications. It provides a low-energy and low-cost solution for short-range radio transmissions. Bluetooth Low Energy (BLE) has become the dominant technology for connecting IoT (Internet of Things) devices. It can be found in cellphones, headsets, speakers, printers, keyboards, automobiles, children’s toys, and medical devices, as well as many other devices.
The technology can also be found in automated smart homes, where it provides monitoring and control for lights, thermostats, door locks, appliances, security systems, and cameras. Bluetooth offers convenience and ease of use, but it lacks a centralized security infrastructure. As a result, it has serious security vulnerabilities, and the need for awareness of the security risks is increasing as the technology becomes more widespread.
Think about this for a second: for the general public, Bluetooth was primarily used to transfer multimedia between mobile devices for recreational purposes. Today the trend seems to have swung from having to remember to turn Bluetooth on to having to remember to turn it off, and in most cases we never turn it off. We use it to connect to our audio devices and our cars for everyday convenience; however, we need to understand that by doing so we are susceptible to being exploited.
Without getting too technical, it is very possible for hackers to gain access to valuable information stored on your Bluetooth device, which would be highly problematic and even disastrous in certain circumstances. For instance, where someone has sensitive information on their mobile device in the form of business-related emails, access can be gained to it and the information stolen, including usernames and passwords for various accounts. According to a study by research firm InsightExpress, on average about 70 percent of mobile device users are unaware of the security threats their mobile devices are susceptible to. That being said, a person with malicious intent to gain unauthorized access to your Bluetooth device would have to be in close proximity to it.
The most obvious step for mitigating and preventing this type of threat is to install software updates on all of these devices as and when they become available. One can also purchase additional security software for their devices, which most antivirus suppliers provide. However, it is up to the user of the device to exercise due diligence: ensuring that Bluetooth is not constantly active, that authorisation measures such as passwords for access are enabled, and that transmissions are only accepted from known senders.
Mitigating Bluetooth Vulnerabilities
Bluetooth vulnerabilities are significantly different from computer system vulnerabilities and as such have to be dealt with in a different manner. While application software patches are used to resolve vulnerabilities in computer systems, Bluetooth devices require upgrades to device firmware. These upgrades cannot be developed by the general public, so Bluetooth devices will continue to be vulnerable to attacks even if mitigation solutions become available. While not all attacks can be prevented, and security is not guaranteed, there are countermeasures that can be used to secure Bluetooth communications. Some of those mitigation techniques are described below:
· Ensuring your device has the latest operating system and security updates
· Ensuring devices have a limited access range. This is done by setting devices to the lowest power level if possible
· Using long and random PIN codes, which make the codes less susceptible to brute-force attacks
· Changing the default PIN for devices and frequently updating this PIN
· Setting devices to undiscoverable mode by default, except as needed for pairing
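
A small audit of the discoverability and PIN items in the list above, added here as an example and not part of the original article. It parses the output of BlueZ's `bluetoothctl show` on Linux; the sample output, the common-PIN list and the 8-character minimum are constructed assumptions.

```python
import re

# Constructed sample of `bluetoothctl show` output (BlueZ); address and name are made up.
SAMPLE_SHOW = (
    "Controller 00:11:22:33:44:55 (public)\n"
    "\tName: demo-laptop\n"
    "\tPowered: yes\n"
    "\tDiscoverable: yes\n"
    "\tDiscoverableTimeout: 0x00000000\n"
    "\tPairable: yes\n"
)

# Assumed list of typical factory-default PINs, for illustration only.
COMMON_PINS = {"0000", "1111", "1234", "000000", "123456"}

def parse_show(text):
    """Turn the indented 'Key: value' lines of `bluetoothctl show` into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s+(\w+):\s*(.+)$", line)
        if m:
            fields.setdefault(m.group(1), m.group(2).strip())
    return fields

def audit_adapter(text):
    """Return findings where the adapter state conflicts with the checklist."""
    f = parse_show(text)
    findings = []
    if f.get("Powered") != "yes":
        return findings  # radio is off, so nothing is advertised
    if f.get("Discoverable") == "yes":
        findings.append("adapter is discoverable; switch it off outside of pairing")
        # A timeout of 0 means discoverable mode stays on until turned off by hand.
        if int(f.get("DiscoverableTimeout", "0x1"), 16) == 0:
            findings.append("DiscoverableTimeout is 0, so discoverable mode never expires")
    return findings

def audit_pin(pin, min_len=8):
    """Flag default, short or repetitive PINs (min_len is an assumed policy value)."""
    issues = []
    if pin in COMMON_PINS:
        issues.append("default or commonly used PIN")
    if len(pin) < min_len:
        issues.append(f"shorter than {min_len} characters")
    if len(set(pin)) <= 2:
        issues.append("too few distinct characters")
    return issues
```

On a real system, pass the captured text of `bluetoothctl show` to `audit_adapter` in place of `SAMPLE_SHOW`.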