Could Your Bluetooth Devices Be Hacked in 2019?
Bluetooth is everywhere, and so are its security flaws. But how great is the risk? How concerned should you be about Bluejacking, Bluesnarfing, or Bluebugging? Here’s what you need to know to protect your devices.
Bluetooth Vulnerabilities Abound
At first glance, it might seem like it’s pretty risky to use Bluetooth. At the recent DEF CON 27 security conference, attendees were advised to disable Bluetooth on their devices while they were there. Of course, it makes sense you’d want to be more careful with your device security if you’re surrounded by thousands of hackers in a fairly small venue.
Even if you’re not attending a hackers’ conference, there are valid causes for concern: just read the news. A vulnerability in the Bluetooth specification was recently uncovered. It allows hackers to access your Bluetooth device via a technique called Key Negotiation of Bluetooth (KNOB). To do this, a nearby hacker forces your device to use weaker encryption when it connects, making it easier for him to crack it.
Sound complicated? It kind of is. For the KNOB exploit to work, the hacker has to be physically close to you when you connect your two Bluetooth devices. And he only has a short window of time to intercept the handshake and force a different encryption method. The hacker then has to brute force the password; however, that’s probably pretty easy because the new encryption key can be as short as one bit in length.
Consider also the vulnerability uncovered by researchers at Boston University. Connected Bluetooth devices, like earbuds and speakers, broadcast their identity in a surprisingly detectable way. If you use such a device, you can be tracked as long as it’s on.
Both of these vulnerabilities popped up in the last month, and you only have to scroll back a year to find another. In short, if a hacker is nearby and sends an invalid public key to your Bluetooth device, it’s highly probable she can determine your current session key. Once that’s done, the hacker can intercept and decrypt all data that passes between the Bluetooth devices easily. Even worse, she can also inject malicious messages on the device.
And we could go on. There’s ample evidence that Bluetooth is about as secure as a padlock sculpted from fusilli pasta.
It’s Usually the Manufacturer’s Fault
Speaking of fusilli padlocks, it’s not the exploits in the Bluetooth specification that are to blame. Bluetooth device manufacturers shoulder significant responsibility for compounding Bluetooth’s vulnerabilities. Sam Quinn, a security researcher with McAfee Advanced Threat Research, told How-to Geek about a vulnerability he disclosed for a Bluetooth smart padlock:
“They had implemented it with no pairing required. We discovered that if you sent a particular value to it, it would just open with no username or password needed, using a Bluetooth low energy mode called ‘Just Works.’”
With Just Works, any device can instantly connect, issue commands, and read data without any other authentication. While that’s handy in certain situations, it’s not the best way to design a padlock.
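As an added illustration (not code from the article or from any vendor it mentions), the sketch below follows the Bluetooth LE pairing-method selection rules in the Core Specification to show why a device with no screen or keypad, such as a padlock, ends up on Just Works and therefore needs its own authentication on top. The device profiles and function names are constructed for the example.

```python
from enum import Enum

class IO(Enum):
    DISPLAY_ONLY = 0
    DISPLAY_YES_NO = 1
    KEYBOARD_ONLY = 2
    NO_INPUT_NO_OUTPUT = 3
    KEYBOARD_DISPLAY = 4

JW, PASSKEY, NUMCMP, OOB = ("Just Works", "Passkey Entry",
                            "Numeric Comparison", "Out of Band")

def pairing_method(initiator, responder, mitm_init, mitm_resp,
                   secure_connections=False, oob_init=False, oob_resp=False):
    """Select the LE association model from the two pairing feature exchanges."""
    # Legacy pairing uses OOB only if both sides hold OOB data; LE Secure
    # Connections uses it if either side does.
    use_oob = (oob_init or oob_resp) if secure_connections else (oob_init and oob_resp)
    if use_oob:
        return OOB
    # If neither side requests MITM protection, IO capabilities are ignored.
    if not (mitm_init or mitm_resp):
        return JW
    # A side with no input and no output cannot show or accept a code.
    if IO.NO_INPUT_NO_OUTPUT in (initiator, responder):
        return JW
    can_confirm = lambda io: io in (IO.DISPLAY_YES_NO, IO.KEYBOARD_DISPLAY)
    has_keyboard = lambda io: io in (IO.KEYBOARD_ONLY, IO.KEYBOARD_DISPLAY)
    if secure_connections and can_confirm(initiator) and can_confirm(responder):
        return NUMCMP
    if has_keyboard(initiator) or has_keyboard(responder):
        return PASSKEY
    return JW  # display-only pairs have no way to enter a passkey

# Constructed peripheral profiles: (IO capability, requests MITM protection)
SAMPLE_PERIPHERALS = {
    "padlock": (IO.NO_INPUT_NO_OUTPUT, True),
    "headset": (IO.NO_INPUT_NO_OUTPUT, False),
    "smartwatch": (IO.DISPLAY_YES_NO, True),
    "keypad lock": (IO.KEYBOARD_ONLY, True),
}

def unauthenticated_peripherals(peripherals, phone_io=IO.KEYBOARD_DISPLAY):
    """Names of peripherals whose link to the phone is unauthenticated Just Works."""
    return [name for name, (io, mitm) in peripherals.items()
            if pairing_method(phone_io, io, True, mitm, secure_connections=True) == JW]

if __name__ == "__main__":
    print(unauthenticated_peripherals(SAMPLE_PERIPHERALS))
```
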
“A lot of vulnerabilities come into play from a manufacturer not understanding the best way to implement security for their device,” said Quinn.
Tyler Moffitt, a senior threat research analyst at Webroot, agreed this is a problem:
“So many devices are being created with Bluetooth, and there’s zero regulation or guidelines about how vendors should implement security. There are a lot of vendors making headphones, smartwatches, all sorts of devices, and we don’t know what kind of security they have built-in.”
Moffitt describes a cloud-connected smart toy he once evaluated that could play audio messages stored in the cloud. “It was designed for people who travel a lot and military families, so they could upload messages for the kids to hear played back on the toy.”
Unfortunately, you could also connect to the toy via Bluetooth. It used no authentication whatsoever, so a malicious actor could stand outside and record anything to it.
Moffitt sees the price-sensitive device market as a problem. Many vendors cut corners on security because customers don’t see or assign much monetary value to it.
“If I can get the same thing as this Apple Watch for less than half the price, I’m going to try that out,” Moffitt said. “But those devices are often really just minimum viable products, made for maximum profitability. There is often zero security vetting going into the design of these products.”
Avoid Attractive Nuisances
The attractive nuisance doctrine is an aspect of tort law. Under it, if something like a pool or a snapping tree that grows candy (only applicable in magical realms) lures a child to trespass on your property and he’s injured, you’re liable. Some Bluetooth features are like an attractive nuisance that put your device and data at risk, and no hacking is required.
For example, many phones have a smart lock feature. It allows you to leave your phone unlocked as long as it’s connected to a specific, trusted Bluetooth device. So, if you wear Bluetooth headphones, your phone remains unlocked as long as you have them on. While this is convenient, it makes you vulnerable to hacking.
“This is a feature I wholeheartedly recommend no one use,” said Moffitt. “It’s just ripe for abuse.”
There are countless situations in which you might wander far enough away from your phone that you aren’t in control of it, and yet it’s still within Bluetooth range. Essentially, you’ve left your phone unlocked in a public place.
Windows 10 has a variation of the smart lock called Dynamic Lock. It locks your computer when your phone goes out of Bluetooth range. Generally, though, that doesn’t happen until you’re 30 feet away. And even then, Dynamic Lock is sometimes sluggish.
There are other devices designed to lock or unlock automatically. It’s cool and futuristic when a smart lock unlocks your front door as soon as you step on the porch, but it also makes it hackable. And if someone takes your phone, he can now come in your house without knowing your phone’s passcode.
“Bluetooth 5 is coming out, and it has a theoretical range of 800 feet,” says Moffitt. “That’s going to amplify these kinds of concerns.”