Yes, Bluetooth can be hack. While the use of this technology has offered many conveniences, it has also exposed people to cyber-attacks.
Almost all devices are Bluetooth enable, from smartphones to cars. People are surround by this technology every day. But what many don’t realize is that using a Bluetooth connection comes with a number of security and privacy risks.
How does Bluetooth hacking happen?
Bluetooth allows devices to connect to each other over very short distances, often for only a short time. As such, most Bluetooth hackers rely on being within close range of a target. So they can perform the attack in a limited period of time. Crowd public areas are know hotspots for Bluetooth hackers. Especially those places where people tend to stay the longest (ie coffee shops).
When the target moves out of range, it can feel like the game is over for the attacker. It is important to note that some attacks can be carried out even hundreds of meters away. So moving a few meters doesn’t mean you’re moving exactly out of range.
Some cyber criminals have also found a way to hack a device’s Bluetooth connection and take control of the device, all in just 10 seconds. What is even more alarming is that hackers can do this without interacting with the user.
Three types of Bluetooth attacks
There are three main types of Bluetooth-based attacks. They differ based on their tactics and the severity of the damage they can cause.
Bluejacking is the least harmless of these attacks. It involves sending unsolicited and often anonymous messages to Bluetooth-enabled devices within a certain range. It works more like a prank meant to annoy, although you can also receive NSFW messages.
Bluejacking generally does not cause as much damage as other attacks as it does not involve taking control of the device or accessing any of your files.
Bluesnarfing is a bit more complicated and sinister. This attack uses a phone’s Bluetooth connection to steal information stored on the device. Hackers can access a device from a distance of up to 100 meters without leaving any traces. During the attack, cybercriminals can access and steal contact information, emails, calendar data, passwords, photos, and other personally identifiable information.
Bluebugging is the most damaging type of Bluetooth hacking. During the attack, a skilled hacker can gain full access and control of the device. This is done by setting up a backdoor on the victim’s system. It can be used to spy on the victim by listening to phone conversations and intercepting or redirecting the communication (such as forwarding the victim’s calls to the attacker).
During a Bluebugging attack, a hacker can read SMS messages and reply to them. They can make calls and gain access to online accounts or applications without alerting the device owner.
What is BlueBorne?
BlueBorne is an attack vector detected in 2017 by the security firm Armis. It spreads through the air and hacks into devices via Bluetooth. It doesn’t need to pair with the target device, and worse, it doesn’t even need to make the device discoverable. Virtually all mobile devices with Bluetooth technology are susceptible.
It gives hackers full control of the device and can be use to access corporate networks and data. According to the Armis report, it can penetrate secure “air-gapped” networks and spread malware to devices within range.
BlueBorne can be use for cyber espionage, data breaches, ransomware campaigns, and even to create botnets from other devices.
While patches have been rolled out for affected devices, BlueBorne showed how easily Bluetooth technology can be exploited by hackers and how much damage it can cause.