August 22, 2019
Sorry, readers. Your Bluetooth device is a security risk
We hate to be the purveyor of bad news, but if you're using Bluetooth with your digital devices—and you know you are—you could be vulnerable to security risks.
That means anyone with a Ring video doorbell, smart lighting setup, AirDrop on an iPhone, portable speaker, headset and on and on it goes.
The odds of it hitting you are remote. But just like doing sensitive things on a public Wi-Fi network, being aware of the risks might not be a bad way to go.
"Bluetooth is something that can be hacked. It's fairly easy and we should be aware of it," says Matt Lourens, a security engineering manager with Checkpoint software.
Bluetooth, like Wi-Fi, is a communications protocol for sending information from devices.
"When it comes to sharing potentially sensitive data with someone else, Bluetooth isn't the best technology that truly guarantees a safe and secure exchange," notes Jovi Umawing, a researcher with Malwarebytes Labs. "You're better off using other more secure methods of sharing data."
For most of us, we'll continue our lives getting updates from Ring about who's at the door, check our daily steps on our phone and pair Amazon and Google speakers with our phones and use our phone to get in our homes and cars as part of our daily Bluetooth routine.
In an age when phone manufacturers are ditching the headphone jack, many of us turn to wireless Bluetooth headphones to continue listening to music. So that's probably not of concern to hackers, says Umawing.
"But you might want to think about your IoT devices, mobile phones, and smart jewelry," he adds, referring to the "internet of things," or the network of smart devices that interact with one another.
Mashable noted this week that, at the DEF CON security conference, researchers demonstrated how Bluetooth could be used to get into a digital speaker. From there, the hacker could take over the speaker and boost the volume to unbearable levels.
The odds of your iPhone being taken over when using the Bluetooth AirDrop feature to share photos from phone to phone are pretty remote. But it could happen.
Security researchers noted on the Hexway blog that if Bluetooth is on, information about your battery, device name, Wi-Fi status mobile phone number is available for hacking. And it demonstrated just how hackers could intercept your photos during an AirDrop share.
"AirDrop seems to be less anonymous than we thought," noted the blog.
Jody Fisher, who works in public relations, says he leaves his Bluetooth on all the time but has disabled his AirDrop on the iPhone.
"A year ago, I was on a ferry coming back from vacation and had a weird photo (a meme style image) pop up on my phone via Airdrop from a source I didn't recognize," he says. "I checked my settings, and it was open to anyone. I immediately shut it off and have left it off ever since. I turn it on to receive from people only when they are standing right in front of me."
Dan Gillmor, a longtime journalist and professor at Arizona State University, says he routinely leaves Bluetooth off for security concerns. "I only use it when I have a specific reason."
As a precaution, Umawing recommends updating your devices with the latest security updates.
And Lourens says to use common sense. Bluetooth can be hacked, but the hacker needs to be nearby. So in the home, you're probably in good shape. Unless you are specifically being targeted.
When it comes to the airport and other public places where you're surrounded by many people, "I'd turn it off," says Lourens.
Another concern: shopping. Many retailers have Bluetooth beacons placed in-store to watch over you and track your location and shopping habits. Turning off Bluetooth before you enter will save your battery and keep prying eyes away from your device.
"If you really want to be safe, turn off the internet, stop using your cell phone, don't drive anymore....you get what I'm saying?" says Lourens. "You will always have a level of risk. Just be aware of it and change your behavior."
(c)2019 U.S. Today
Distributed by Tribune Content Agency, LLC.