This article provides a simple but non technical description of security issues existing in a common Bluetooth device and some simple tips on how we can protect ourselves doing simple things rightly and being little more careful and aware about Bluetooth usage.
Bluetooth Security Risks and Tips to Prevent Security Threats
As the computer, cell phones and technology adoption is increasing, Bluetooth (BT) is also gaining immense popularity and acceptance. Almost all large corporations have adopted Bluetooth as one of the technology for connecting, communication and data transfers officially. In general mobile phones consist of about 60% of overall Bluetooth technology usage. Bluetooth gives immense freedom and power to communicate and transfer data over short distance typically 100 Mt to 300 Mt, known as PAN (personal area network). Following are the most common usage of BT technology:
- In Wireless hands free headsets with mobile phones.
- Using Peripheral devices like (mouse, printer or keyboard) with a computer.
- Transferring contact information, data files, images etc between other cell phones, smart phones and PCs.
Despite several enhancements in the Bluetooth security features Bluetooth communication is still not immune to security threats. It poses great security risks especially for people who have little or no understanding of technology like celebrities, famous people or people from non technical disciplines etc.
BT Security Risks
- The first step in using any BT device is to turn on the BT feature in it. The default state of BT in any device is “Off" mode.
- Once BT is turned on, it is in active but dormant state. In order to use it, it needs to be put in to “Discoverable" state. In theory when a device is in “non discoverable" state it should not be visible to other devices but in reality the device is still discoverable to those devices it has made a connection before using MAC address. A hacker seeing the Blue LED can use Brute Force address discovery process to record the MAC address and hack the device using software such as RedFang.
- During communication process also BT technology exposes itself to security breach as the address itself is not encrypted although the message may be encrypted. Technique such as frequency hogging provides some protection but is not completely secure.
- There are devices available in the market which can capture a Bluetooth signal from the air and analyze. At present cost is prohibitive for casual hackers to acquire some of these devices but still a professional hacker can use those devices and hack vital information.
- Many owners leave the BT device in the discoverable mode after actual use due to ignorance or simply forget to turn off “discoverable" mode which gives hackers easy opportunity to pair with their device and hack.
- Pairing two BT devices usually does not require any authentication, however using a service like file transfer or data/video/voice exchange require some authentication by entering PIN. Once PINs are entered a link key is generated and stored in the device’s memory. This process is not required for next time onwards.
- Many vendors do not implement authentication and authorization process correctly allowing hackers to steal information or use one’s phone or use it for making calls or SMS.
Few Tips for using Bluetooth Securely
All of the above deficiencies leave a Bluetooth device vulnerable to security threats. Even though security gaps are being filled every day by the manufacturer and technologist, Following are some of the tips that a normal user can keep in mind and protect himself from an amateur BT hacker.
- Keep BT in the disabled state, enable it only when needed and disable immediately after the intended task is completed.
- Keep the device in non-discoverable (hidden) mode,
- DO NOT accept any unknown and unexpected request for pairing your device.
- Use non regular patterns as PIN keys while pairing a device. Use those key combinations which are non sequential, non obvious on the keypad.
- Keep a check of all paired devices in the past from time to time and delete any paired device which you are not sure about.
- Register your device at the Manufacturer site and insure that security updates are installed regularly to protect from previously know threat which had been rectified in new models.
- Always enable encryption when establishing BT connection to your PC.
Above Bluetooth Security Tips should make your Bluetooth experience trouble free. Good Lock…!!!