Let’s face it. We can’t live without Bluetooth anymore. Our headphones, mobiles, keyboards, cars, and all kinds of electronic devices get internet links and interact with us through this technology. It’s here to stay, and it’s only becoming more prevalent. However, Bluetooth’s success begs the question about the technology’s security status: how safe is Bluetooth?
Well, it’s safer than WiFi for the most part. But every technology has vulnerabilities, and Bluetooth is no exception. In this article, we discuss Bluetooth, its security, and how you can prevent it from being hacked.
Bluetooth: What is it?
You probably have used Bluetooth technology to connect your iPhone to AirPods or your most-loved music program to a speaker.
Bluetooth is a communications protocol that creates a local network wirelessly linking nearby devices. So, for example, Bluetooth can allow your phone to connect with your headphones and use them as an audio output device without a cable.
It’s an open standard. That means that it’s a technology freely available to anybody. You don’t need to have a license to use it. This feature has helped Bluetooth become popular, and many devices adopt it daily.
Bluetooth is Jaap Haartsen’s brainchild, an Ericsson employee at the time — the early nineties. It is generally safe to connect devices through Bluetooth to one another. It is because the devices operate on a range of frequencies, and they hop between them hundreds of times a second.
In our current markets, you can find a wide variety of objects featuring Bluetooth functionality, from smartwatches to fridges.
Types of Bluetooth
Bluetooth was first developed to transmit data between two devices close to each other. What was initially a simple and insecure technology has become one of the most used technologies.
The evolution of Bluetooth to keep up with modern technological advances has given birth to many versions of Bluetooth. To make it easier, we will categorize Bluetooth technologies into two.
- Bluetooth Low Energy (BLE): This is an energy-saving Bluetooth technology commonly used by low-energy devices like FiBit devices. These devices have small batteries and occasionally transmit small amounts of data. They save energy by going into ‘sleep mode’ while awaiting another transmission.
- Bluetooth Classic: This energy-intensive Bluetooth technology can transmit large amounts of data over a long period. It is mostly used in data-intensive processes like wireless headphones to transmit audio from your device or wireless controllers when gaming. Bluetooth classic requires continuous connection and therefore consumes a lot of energy.
How does it work?
Bluetooth utilizes short-wavelength UHF radio waves with frequencies between 2.402 and 2.480 GHz to transmit data between two devices. It comes in handy when you don’t want to connect a USB cable between your laptop and your phone or when you want to avoid the AUX cable when connecting to a sound system. Basically, Bluetooth works in two stages; pairing Bluetooth devices and sending data over Bluetooth.
Pairing Bluetooth devices
Before you can pair Bluetooth devices, ensure they are close to each other, within 30 feet. The first connection between Bluetooth devices requires pairing approval. After successful pairing, the connection will be automatically remembered in the future every time the devices are close to each other with their Bluetooth activated.
The weak Bluetooth broadcast signals ensure it does not interfere with other connections operating on similar frequencies. This first-time approval requirement when paring makes Bluetooth relatively secure, and you can unpair all connected devices after completing transmission to improve security.
Transmitting data over Bluetooth
Bluetooth is quite effective in data transmission regardless of its relatively weak signal. For example, it instantly transmits your actions when playing a game using wireless controllers or listening to music from Spotify on your wireless headphones.
A Bluetooth network comprises a master device and up to seven receivers/slavers. The master device is the only device that can send data, while the others only receive it. The network automatically switches its frequency within its range to maintain a stable connection. It can randomly choose from 79 frequencies, avoiding those already used by other devices.
Is Bluetooth encrypted?
Bluetooth supports encryption in BLE 2.1 and above. The encryption occurs after pairing the devices in the network. However, variations exist in the encryption protocols and security standards due to the difference in Bluetooth versions and devices. For instance, the encryption and security standards for pairing two mobile phones differ from those of pairing a mobile device with wireless headphones.
Connections between devices with an input like a screen using a ‘link key’ to exchange encryption data where a user enters an identical PIN on the two connecting devices to authorize pairing. The devices then use the PINs to generate secret link keys to establish an encrypted connection.
This process adds an extra security layer by preventing any potential key sniffing by malicious third parties.
The uses of Bluetooth
Bluetooth is everywhere these days. It’s part of our daily routine because we use it in several ways, and we have it so assimilated that we hardly think about it anymore.
- Sharing files. Videos, photos, music files, and documents. You can transfer them between Bluetooth-enabled devices quickly.
- Device pairing. You can use a Bluetooth speaker to play music wirelessly from your phone, tablet, or computer. In addition, there are wireless Bluetooth mice, keyboards, and printers. Besides, most modern cars have Bluetooth integrated to play music, have hands-free calls, navigate, reply to messages, and more.
- Health monitoring. Fitness trackers are an example of a helpful Bluetooth device that monitors your health or your gym activity. There are also Bluetooth-enabled pacemakers. Most smartwatches will connect to your phone and keep track of your blood pressure, oxygenation, and pulse.
- Creating a hotspot. Suppose you don’t have the internet on your computer, but your phone is online through your mobile provider. You can tether your mobile connection to use your phone as a WiFi hotspot and share it with your computer.
- Home security. The latest home security systems are online, and you can manage them through Bluetooth signals on your phone, which also acts as an access key.
- Protecting your devices. Some programs lock down your computer unless your phone is within Bluetooth range. Since your mobile is supposed to be near you always, this guarantees that your computer can only be used if you’re near it.
Bluetooth advantages and disadvantages
There is no doubt about Bluetooth’s convenience and other advantages. But no technology is ever perfect, and Bluetooth has disadvantages too. So let’s look at both sides of the coin.
Advantages
- Automatic and easy. A pair of devices that already know how to find each other will do so automatically as soon as they’re online.
- Wireless. Doing away with cords and their corresponding and unavoidable tangles is lovely.
- Compatibility. You can find all kinds of devices enabled with Bluetooth. A beautiful thing about this protocol is that the operating system or manufacturer is utterly irrelevant. It always works.
- Multiple devices. A “master” device in a local Bluetooth network can feed information to seven other devices.
- Security. Every new Bluetooth pairing requires user approval, and these connections only work over very short distances. So it’s almost impossible for you to get surprised (unless you deliberately put your Bluetooth security at risk by enabling unpaired connections).
Disadvantages
- Health issues. There is no evidence of any health issues related to Bluetooth. However, the Bluetooth frequencies are in the microwave range known to interact with living tissues. So while there is no evidence, the jury is still out.
- Energy consumption. Bluetooth devices are very efficient and work with a relatively low amount of power. However, many gadgets are always online, so you need to charge them frequently. If your phone or tablet has Bluetooth, your battery will drain quickly.
- Easy to locate. Bluetooth-enabled devices can easily find their “peers” as soon as they are in the range. That’s very convenient for the user. Unfortunately, it’s even more convenient for hackers who can find out what’s on the menu without effort. It is risky when your devices are in public.
- Limited range. Bluetooth connections are only reliable within a distance of 10 meters.
- Slow speeds. The latest Bluetooth versions keep getting faster. Nevertheless, they remain very slow compared to WiFi connections, never mind wired links.
Is Bluetooth very safe?
No digital technology is 100% safe, let alone when it’s wireless. Bluetooth signals are susceptible to malware attacks, including malvertising, according to the internet of things security companies.
While the need to authorize by hand every new Bluetooth pairing and the short-range, it has helped make this technology much safer than, for example, WiFi. However, it still has vulnerabilities. Hackers know three methods to compromise Bluetooth connections: bluesnarfing, bluejacking, and blue bugging. Let’s explore them.
Bluejacking
In this attack, a Bluetooth-enabled device hijacks another to flood it with spam messages. It’s mainly annoying, more than dangerous. However, since these spam messages often include phishing attempts, there’s always the danger that the user will fall for them, following the wrong link, and so forth. In addition, the malicious link will try to steal information from the user or spread malware into the device in question, bringing the attack to a new level.
Bluebugging
This one is different. The hacker manages to set up a stealth Bluetooth link to your phone or your computer. The link, in turn, allows them to exploit a backdoor into your system. Once they’re in, they can literally own your computer behind your back and spy on everything you do, copy your most sensitive information or even use your computer to impersonate you on any software installed on your device –which is particularly serious if you have banking apps.
Bluesnarfing
Bluesnarfing is like Bluejacking’s older brother. Here a device also hijacks another Bluetooth gadget, but it doesn’t limit itself to sending spam. It extracts information too, which is why it’s way more dangerous. Your data becomes vulnerable in this situation (pictures, emails, text messages, documents, etc.). The worst thing is that these files and data can give the hacker enough information to identify you or, for other purposes, all of them nefarious.
Car whispering
Car whispering is a security vulnerability targeting cars with Bluetooth-enabled radios. Hackers can connect to these networks and eavesdrop on phone calls and conversations inside the car. Additionally, they can inject malicious audio without your knowledge.
Bluesmacking
This is an attack where hackers send oversized packets to your device, forcing it to shut down. It is a Denial of Service (DDOS) attack, and the hackers can use it to launch more complex attacks. Thankfully, rebooting is an easy fix, and your device can start functioning normally.
Cases of Bluetooth attacks
You need to know this: any device with Bluetooth is vulnerable to the protocol’s security threats. This type of hacking is not the most frequent one. However, it’s there and gives a determined hacker the tools he will need to do plenty of damage. Let’s see some examples.
2017 was the year of the BlueBorne attack. This technique showed how a Bluetooth device could get hacked without authorizing a pairing beforehand. Even worse, even those devices configured to be non-discoverable were vulnerable to this attack.
Once the hacker succeeds, he could become the device’s new owner, gaining complete control to extract any information he wants, gain access to specific networks, issue a ransomware threat, or install further malware. BlueBorne could hit almost every Bluetooth device at the time.
Then, in 2019, a group of hackers discovered an array of security loopholes in Apple’s macOS Bluetooth implementation. The result was that the Bluewave Zero-Click Bugs gave them the power to take over any Apple device they wished. And a few weeks later, the hackers of their world turned their attention to Android devices and came up with the BlueFrag leak, which gave them the power to steal data, spread a worm, or install stealth malware.
In 2021 an academic research group discovered no fewer than 16 Bluetooth vulnerabilities in most commercial chipsets. The new group of security loopholes became BrakTooth, allowing attackers to do anything from crashing a system to executing arbitrary code. The severity depended on the device in question, but it was mainly a generalized problem.
There’s no need to worry about those vulnerabilities. They have been patched already, so they’re not an issue for current Bluetooth users. However, the critical point to take away from these past examples is that a new vulnerability could arise at any moment, and it’s essential to be aware.
Bluetooth and privacy
With the information we’ve shown you so far, it would seem that hackers are the most frequent abusers of Bluetooth technology. But appearances will deceive you. Apps such as Google and Facebook take advantage of your phone’s Bluetooth capability to figure out your physical location in real-time.
Even if you turn off your phone’s Bluetooth feature, it will still recognize Bluetooth signals in its vicinity –the difference is that it won’t transmit. These signals give some apps enough information to pinpoint your position. In other words: they can monitor your position and movements at every moment and keep a log if they so wish. And to make things even worse, Bluetooth’s short range makes it more accurate than GPS when it comes to tracking a device.
And it’s no secret, either. If you read the privacy statement of many apps, they have no problem letting you know that they are using your Bluetooth chipset to know where you are. But, of course, nobody reads these texts, so very few people know this happens. The good news is that now you belong to the select group of aware users.
However, not everything is lost. For example, location tracking needs your authorization, so if you manually turn off this permission for the apps tracking you, you can keep your physical location private.
Bluetooth and security
So now you know. Bluetooth has both security and privacy loopholes that can put you at risk. Therefore, it’s wise to adopt a set of simple measures that can maximize your Bluetooth security at all times and avoid any nasty surprises. Let’s review them.
1. Keep your system updated
Keeping your devices updated is the best preventive measure for Bluetooth security. So get every security patch and update it as soon as it’s released. Amazon and Google, for example, issued updates for BlueBorne quickly, so preventing any problems was straightforward.
2. Set your device to not discoverable
A hacker’s first choice for a Bluetooth attack will be a near and discoverable device. So make their job harder. Set your Bluetooth to “not discoverable.” Each device has a particular way of doing it.
iOS
If you’re an iPhone user, Apple says that your iPhone is discoverable only when you have the settings > Bluetooth screen showing. Once you’re out of this screen, your iPhone is non-discoverable or available for other pairings.
macOS
On an Apple Mac, follow these steps:
- Open “System Preferences.”
- Pick “Sharing.”
- Find the Bluetooth Sharing box and uncheck it.
Android
If you’re on Google’s mobile operating system, then here’s what you need to do:
- Go to Menu > Settings > Bluetooth.
- Turn Bluetooth on.
- Pick “More connection settings.”
- Turn off the “Nearby scanning devices” option.
Windows 10
- Go to Start > Settings > Devices > Bluetooth & Other Devices.
- Turn your Bluetooth on.
- Pick “More Bluetooth Options.”
- Find the “Allow Bluetooth devices to find this PC” box and untick it.
3. Share information prudently on Bluetooth links
Sensitive information does not belong on the air, broadcasting to anybody who can intercept it. Remember: Bluetooth is vulnerable, so don’t use it to share data or files if you want to remain safe.
4. Mind your Bluetooth connections
Don’t accept Bluetooth connection requests if you’re unsure who’s asking and want it. It’s hard to believe that hackers use this simple strategy, but they do, and it works. So don’t do their job for them.
Turn off your Bluetooth
Your Bluetooth chipset is always sniffing for other Bluetooth devices it knows from the past to pair with them automatically. While this is very convenient, it’s also unsafe because it creates a vulnerability, making your phone readily available to attackers. So, unless you’re using your Bluetooth, please turn it off. It won’t only improve your safety but also extend your battery life. If you’re in a public space, like an airport, a hotel, a restaurant, and public WiFi hotspot, then be even more careful and keep your Bluetooth off until you need it.
5. Avoid public pairings
If you need to pair two devices through Bluetooth, perform the pairing in a safe place. Whenever you buy that cool new Bluetooth toy you wanted, keep it in its box until you get home. Please resist the temptation to immediately pair it to your phone or preferred device.
This strategy will keep your device non-discoverable as long as you’re in public. If you perform the pairing, it will have to be discoverable, at least for a moment.
6. Unpair old pairings
Don’t keep your device loaded with pairs for hardware you don’t use anymore. Each useless pairing is a vulnerability, and you need to avoid it. Instead, keep only the pairings you are sure to use frequently.
Signs that your Bluetooth may be hacked
Bluetooth attacks are difficult to detect, but others have noticeable effects on your device. Let’s look at the most common signs of a Bluetooth attack on your device.
- High data consumption: After hacking your Bluetooth network, the hackers will likely try to access an external server to steal your passwords, email addresses, contact lists, and other sensitive information. This process consumes a lot of data. If you notice abnormal data consumption, a background breach is possible.
- Quick battery drain: Your battery can drain unusually fast for many reasons. So, if you are sure it is not a case of malfunctioning or misconfigured applications, something sinister could be happening under the hood. This may be because of a Bluetooth attack exposing you to malware in the background.
- The device becomes slow: Once attackers breach your Bluetooth network, they can install various forms of malware which run in the background. These malicious programs consume your resources, such as RAM and CPU, causing your device to slow or freeze.
It is important to note that all the signs above are not limited to Bluetooth attacks, and they can also be caused by faulty hardware or misconfigured applications. Additionally, you should consider installing a robust antivirus program to detect and remove malicious files.
How to make Bluetooth undiscoverable
You can make your Bluetooth undiscoverable to prevent detection by nearby devices.
Making Bluetooth undiscoverable in iMac and Macbook
Follow these steps to toggle on or off the discoverability of Bluetooth on your iMac or Macbook device.
- Go to ‘System preferences’
- Click ‘Sharing’
- Uncheck the Bluetooth Sharing box
You can also verify the Bluetooth’s discoverability of your device by going to ‘Option’ and clicking the Bluetooth icon in the top menu bar.
Making Bluetooth undiscoverable on Windows 10
Follow these steps to hide your device’s Bluetooth from other devices.
- Open ‘Settings,’ go to Devices, and click Bluetooth & Other Devices.
- Toggle ON your Bluetooth.
- Go to More Options
- Uncheck the Allow Bluetooth Devices to find this PC box
Bluetooth and VPNs
At this point, you could be wondering if a VPN will help you keep your Bluetooth secure.
We like VPNs. We want every reader to subscribe to a top-notch VPN to protect their privacy, security, and anonymity. VPNs are arguably the best digital security tool for internet users. But, alas, a VPN will not make your Bluetooth any safer.
The thing to realize is that Bluetooth security issues do not come from the internet, which is where the VPN can keep you safe. Instead, they come from your physical vicinity.
A VPN will protect you from a hacker near you by encrypting your traffic so that interception becomes pointless. However, your Bluetooth connections are strictly local, and the VPN doesn’t cover them. Thus, a nearby Bluetooth threat will remain under your VPN’s radar.
This is not a loophole in your VPN’s security features. It’s the nature of the beast. Bluetooth attacks are primarily physical, don’t come from afar, and are not based only on software interactions, which is where the VPN shines.
Bluetooth and antivirus software
The next logical question is whether an antivirus suite will help keep your Bluetooth links safe.
Let’s start by saying that a top-notch antivirus suite like Kaspersky is essential if you care about your online security.
But no, it won’t help you with Bluetooth security either. At least not directly.
There is a way in which a good antivirus will help you, anyway. Once an attacker links to your device, if he tries to inject malware into your system, the antivirus will detect and deal with it before it can do any damage. So while the antivirus will not prevent the Bluetooth attack, it will be useless.
Is Bluetooth radiation a concern?
Bluetooth waves are relatively weak and can only travel to a maximum of 30 feet or less when faced with obstacles and walls. Also, a Bluetooth network automatically switches frequencies between 2.402 and 2.480 GHz to stabilize connection and combat interference.
Just like mobile phones, Bluetooth emits energy which is a source of radiation called Electromagnetic Radiation (EMR). Generally, Electromagnetic Radiation is a wave of electromagnetic fields which carry Electromagnetic Radiant energy. They include; Gamma rays, X-rays, Ultraviolet rays, Visible light, Infrared, Microwaves, and Radio waves.
There are two types of Electromagnetic radiation; Ionizing EMR and non-ionizing EMR. Ionizing EMR is high-energy radiation that alters an atom or cell’s structure. They normally have high frequencies and a short wavelength. High exposure to ionizing EMR can alter your body cells and cause cancer. Ionizing EMR can be found in Gamma rays and X-rays.
On the other hand, non-ionizing EMRs are low in energy and, therefore, cannot alter the structure of a cell or atom. They normally have lower frequencies and longer wavelengths. Non-ionizing EMR can be found in Bluetooth, infrared, microwaves, and radiofrequency. However, some, like microwaves, can produce enough heat to cook food.
Therefore, Ionizing EMRs are fatal to human health and can cause instant damage to human tissue and body organs, while non-ionizing EMRs pass through the body without harm.
So, is Bluetooth safe
Bluetooth belongs to the non-ionizing category of electromagnetic radiation, which passes through the human body without affecting it. Also, Bluetooth has a low specific absorption rate (SAR) which is the rate at which human bodies absorb energy per unit mass when exposed to a radiofrequency electromagnetic field. This further confirms it does not pose a danger to human beings.
Despite Bluetooth emitting non-ionizing electromagnetic radiation, many people still question its safety. This is because there are many terminal diseases associated with radiation.
Common Bluetooth safety concerns
Let us discuss some of the most common safety concerns associated with Bluetooth.
Can Bluetooth headphones damage my brain?
This is a question raised by many Bluetooth headphone users. Bluetooth produces non-ionizing electromagnetic radiation, which has a low power output. Therefore, the energy produced by wireless Bluetooth headphones cannot produce enough heat to damage your brain.
On the other hand, microwave power output is 8500 – 18000 times higher than that of Bluetooth. Bluetooth headphones emit a maximum of 100mW which cannot cook your brain even if you use them all day.
Can Bluetooth headphones lead to infertility?
Mobile phone devices have been linked with male infertility for a while now. A study by the Journal of Fertility and Sterility in 2019 revealed that using your mobile phones near your testicles can affect sperm quality due to exposure to damaging radiofrequency waves.
Other studies found that the oxidative stress caused by EMR emitted by mobile phones greatly affects the sperm’s motility, morphology, sperm count, and other parameters. However, this doesn’t apply to Bluetooth devices, which are usually used away from the lower half of the body.
After all, the allegation that Bluetooth devices cause male infertility hasn’t been established. So, we cannot conclude that it will make you sterile.
Can Bluetooth cause cancer?
A study in 2015 suggested that mobile phone users have an increased risk for meningioma, a type of brain tumor. Please note that the study found that mobile phones only increased the risk and not directly causing meningioma.
Many concerns were later raised regarding non-ionizing electromagnetic devices like Bluetooth. Various research has been conducted since then, and there is no conclusive evidence that mobile phones or Bluetooth devices can cause cancer.
Additionally, Bluetooth devices emit low power insufficient to harm human cells. Also, they have a significantly low specific absorption rate (SAR) compared to mobile phones. Therefore, before we even raise concerns about Bluetooth devices causing cancer, we should have conclusive evidence about mobile phones.
Why do we have Bluetooth safety concerns?
The issues surrounding Bluetooth device safety started in 2015 when various studies indicated that long exposure to EMR emitted by mobile devices could have detrimental health effects. A group of 200 scientists later appealed to the United Nations and the World Health Organization, requesting strict policies to regulate technologies emitting electromagnetic radiation. The launch of Apple Airpods in 2018 further reignited the controversy, with scientists lobbying for stricter rules. The continuous controversy led to the current misconceptions about Bluetooth devices even though they emit lower EMR than mobile phones.
FAQs
No, it’s not. Your Bluetooth is safest when it’s turned off because that’s when hackers can’t find it or attack it. Of course, keeping your Bluetooth off at all times to improve its safety is a trivial solution that beats the purpose of having that technology. So use common sense. Keep your Bluetooth on only when you’re using it.
Have a look at your Bluetooth settings. You will find a list of all the devices paired through your Bluetooth radio signal. If you find a connection that looks wrong, turn it off immediately.
