bluetooth connection

How Safe is a Bluetooth Connection?

Last edited: May 12, 2020
Reading time: 16 minutes, 47 seconds

Most people are familiar with Bluetooth and have been so for a while. People have been using the technology even before there were smartphones to wirelessly transfer information from one device to another. In most cases, Bluetooth is more secure than Wi-Fi. However, as with any wireless system, your data could be transferred to others who you did not intend to have access to your information. And it’s not only music streaming to your Bluetooth headphones that may be compromised. Bluetooth could disclose a great deal of data from your mobile phone, laptop, or computer. It’s therefore time that you were aware of the security and privacy risks of using Bluetooth.

What is Bluetooth

bluetooth

In the tenth century, the Danish Viking leader Harald Denmark, also called Harald Bluetooth (Harald Blåtand), became the king of Denmark. He later united the kingdom with Norway. In recognition of the important role Nordic countries have played in the world of cell phone technologies, the technology for wirelessly connecting cell phone headsets was named after him.

Bluetooth technology is a protocol for establishing a local network to exchange data between nearby devices. It was developed in the early nineties by a Dutchman, Jaap Haartsen, who was working for Ericsson at the time. Bluetooth is an open standard, meaning anyone can freely use the technology without needing a license. This is most likely one of the main reasons why Bluetooth has been around for a while and is being built into more and more devices. Nowadays, there are wireless headphones, speakers and earphones such as Airpods, which all work via Bluetooth.

How Bluetooth Works

Bluetooth is a wireless connection that connects different devices, such as your phone and your laptop. This way you can exchange data between the devices without the need for a USB cable or another cable connection. Bluetooth technology makes use of short-wavelength UHF radio waves to establish a connection and is therefore essentially a radio connection. Bluetooth operates at frequencies between 2.402 and 2.480 GHz.

Easy, Fast and Secure

Bluetooth devices must be in close proximity of one another to be able to exchange information, usually within a distance of 10 meters. Because the broadcast signals are very weak, they usually have no effect on other devices operating at the same frequency.

When you connect a Bluetooth device with another one for the first time, you must approve the new connection. This makes the connection relatively secure. Once the device has connected for the first time, usually your smartphone or computer will remember the other device and will connect automatically, if both have Bluetooth activated.

Although a Bluetooth connection is relatively weak, you can use it effectively. The songs you want to listen to, for example, are sent instantly from your Spotify app to your headphones. It is even possible to connect up to 8 devices on one network. However, only one device, the “master”, can send data. All the other devices, for example, speakers in different locations in your home, are “receivers” or “slaves”.

Frequency Hopping

One of the great things about Bluetooth, is that it uses frequency hopping. This means that the connection constantly jumps between different frequencies within its range to maintain a strong, stable connection. There are 79 frequencies each Bluetooth network can choose from, so frequencies that are already been used by other devices, such as your garage door, can easily be avoided.

What is Bluetooth Used For?

As mentioned before, Bluetooth is used for exchanging information between devices that are in close proximity of one another. This can happen in many different ways.

Connect Devices

Today, Bluetooth is commonly used for playing music either through wireless speakers or earpods. Another typical example is the connection between your laptop or computer with a wireless mouse and keyboard or a printer. Modern cars use Bluetooth to play music from your phone through the car’s speakers, to make hands-free calls, use your navigation, and reply to messages without even touching your phone.

Share Files

You can also share files via Bluetooth. Photos, videos, and music, for example, are still being sent from phone to phone, just like people did in “the olden days”, before there were smartphones. Of course, you can also send files from your phone to your computer or vice versa, to safely store files or to always have them at hand.

Set up Tethering

If your computer does not have internet access and your phone does via a mobile network, then tethering is an option. Tethering means “sharing a mobile network with other devices”. Tethering enables you to use your phone as a hotspot. You can use a cable for tethering, or Bluetooth. By connecting your smartphone to your laptop, you can easily continue working or browsing on your laptop from anywhere without using Wi-Fi.

Secure the House

Bluetooth can help you keep your home secure. There are special locks or security systems, for example, that can be connected to your smartphone via Bluetooth, so you can use your phone as a key.

It can also be an extra security measure for you or someone else using your computer at home or elsewhere. You can download programs that ensure that your computer is only accessible if your phone is within Bluetooth range. And since our phones are usually where we are, this means your laptop can only be used when you are around.

Check Your Health

The health care sector also makes frequent use of Bluetooth enabled devices. In fitness trackers, for example, to name just one of the most popular health devices. Or, in a medical setting, a Bluetooth-enabled pacemaker that transmits data to an app on your smartphone that sends information to your healthcare professional, so that they can keep an eye on your health. This reduces the need for routine, in-person visits to the doctor to download data and hands some freedom back to the patient. Bluetooth is also useful in the gym. Consider, for example, a heart rate monitor that automatically transmits your heart rate to your fitness device and automatically optimizes your training.

Advantages of Bluetooth

Bluetooth has many advantages. That is why it has once again become so popular in recent years. Some of those benefits are listed here.

Wireless

The most obvious advantage of Bluetooth is the fact that it is wireless. You can use your headphones without getting annoyed or restricted in your movements by wires. Likewise, your Bluetooth-enabled printer, mouse and keyboard don’t need cables, so they can’t get in the way and it makes your desk look less messy. You can also just leave your phone in your pocket while you play music. Bluetooth does not need your speakers in its line-of-sight to work, as is the case with an infrared connection.

Automatic and Easy

In addition to freedom of movement, Bluetooth is also very easy to set-up. The system is automatic, so you usually only have to enable Bluetooth on both devices for them to be able to “find” each other. If it’s the first time you connect two devices, you have to approve the connection. Afterwards they automatically connect when Bluetooth is activated on both devices.

Compatibility

Bluetooth can connect devices of all kinds. Because it is a universal connection, you do not need special equipment. Even if your computer doesn’t actually have Bluetooth, there are Bluetooth transmitters for sale. These are small transmitters with a USB connection that enable your non-Bluetooth enabled computer to connect with other Bluetooth devices.

Multiple devices

With Bluetooth you can quickly send information to multiple devices at once. A Bluetooth network can connect up to 8 devices, with one being the “master” that controls everything and the other 7 the “slaves”. This makes it very effective to use, because you can connect multiple speakers to one phone, for example, so that your music can fill an entire party hall.

Low interference

Since Bluetooth sends relatively weak signals, it is very unlikely that your little network interrupts other signals. At the same time, frequency hopping ensures you have a strong connection. The weak Bluetooth signals are also reasonably energy efficient, so you can use your Bluetooth headphones, speaker or keyboard for a relatively long period of time before they go flat.

Secure connection

Because you must approve connections that are not already part of your network and Bluetooth only works at short distances, it is difficult to intercept the signal and thus steal data. The exchange of information via Bluetooth is actually even safer than via the internet. It is one of the most secure wireless communication protocols. But there are vulnerabilities that hackers can exploit.

Disadvantages of Bluetooth

No connection is a 100% perfect nor secure, and Bluetooth is no exception. Here are some of the drawbacks and security issues. Devices using older Bluetooth versions or generally less secure.

Battery Eater

Despite the relatively low energy consumption of Bluetooth, the problem with wireless technology remains that you have to charge devices more frequently. This is especially the case with smartphones. If they have Bluetooth on all the time, the battery drains faster. Turn off Bluetooth when you don’t need it.

Is Bluetooth Dangerous for your Health?

For years, there have been discussions about the possible link between Bluetooth radiation and health issues like dizziness, sleeping problems, anxiety, depression and even brain tumors. Some say that this has never been proven and that Bluetooth is completely safe. In all fairness, Bluetooth has not been as widely studied as cell phone radiation or other forms of radiofrequency electromagnetic radiation. However, a direct link has not been proven either. The discussion is ongoing. We will keep you informed.

Easy to Find

One of the advantages of Bluetooth is that it is a technology that can easily find devices in its vicinity. In your Bluetooth settings you can automatically see which Bluetooth devices are active in your area, such as your speaker or fitness tracker. Unfortunately, this advantage is also a disadvantage. Within seconds, hackers can see which devices are nearby and decide which ones to attack. For example, when you are at the airport or sitting in a train or a café.

BlueBorne Attack

Last year, news got out that millions of Bluetooth devices worldwide were susceptible to a BlueBorne attack. A BlueBorne attack could take over a device, be it your smartwatch, laptop or smartphone, within seconds. Although this vulnerability has since been fixed by Google and Amazon, it proves that even Bluetooth connections can be hacked.

Bluebugging

This is when a hacker manages to establish a connection with your phone via Bluetooth and penetrates the system while you are, for example, quietly sitting on the train on the way home. Next, they use your smartphone to call a paid telephone number that they have set up. This is also referred to as “Bluebugging”. At the end of the month, the hacker has made money, while you are left with a sky-high telephone bill.

Bluesnarfing

Bluesnarfing happens when a hacker connects to your phone via Bluetooth and, without your permission or knowledge, retrieves information from your phone, such as telephone numbers, e-mails or calendar appointments. To do this, a hacker needs a lot of technical knowledge and a lot of time. Therefore, there are few reported cases of Bluesnarfing.

Bluejacking

This is perhaps the first type of attack that Bluetooth faced. The scenario is as follows. A hacker sends a “business card” to another user via a text message. This business card is really just a message that the hacker typed himself. When you open the business card, a message will appear on your screen inviting you to open your Bluetooth. If you don’t understand what the message means, you may unwillingly have given the hacker permission to add your device to their contact list. From then on, he can easily send malicious files to you.

Bluetooth Tracking

In police series, phone calls are often tracked to find a kidnapper or criminal. In a similar way, but slightly less exciting, people can find out your location via Bluetooth. Every device you use has a MAC address. MAC is an abbreviation for “Media Access Control” and is a fixed number that belongs to your smartphone, laptop, or any other device. If your Bluetooth version is version 4.0 or lower, this MAC address is visible when you have Bluetooth activated. This feature can be used, for example, by retail stores to keep track of how often and when you enter their store. It can also be used to track people in times of crisis, such as the current coronavirus pandemic, in order to better trace and map infections.

Key Negotiation or Bluetooth Attack

In August 2019, researchers from the Universities of Singapore and Oxford, and the CISPA Center for Information Security in Helmholtz discovered a vulnerability in the Bluetooth protocol. This vulnerability could allow attackers to listen in to Bluetooth traffic from a distance via you’re a Bluetooth device. This attack is called a KNOB attack (Key Negotiation or Bluetooth Attack). Any device that uses Bluetooth 1.0 to 5.1 is vulnerable to this type of attack. Although researchers indicate that the chance of such an attack is small, it still jeopardizes the safety of Bluetooth.

Bluewave Zero-Click Bugs

In December 2019, the 360 Alpha Lab team reported a series of 5 MacOS Bluetooth vulnerabilities to Apple. The weakness are actually a rare combination of vulnerabilities in Apple’s macOS software. All owners of Apple notebooks are potential victims. Once hacked, a cybercriminal can actually take over the system and use it as a central location to attack paired macOS devices. Next, the attack can spread to other devices like a wave, hence the name “Bluewave”. Apple has officially confirmed that all the vulnerabilities are so-called zero-click, no-touch bugs. This means that hackers can start a distant attack without any contact with you and without you requiring to click anything. In early 2020, Apple released the necessary patches against these bugs.

BlueFrag leak

The critical leak CVE-2020-0022 aka BlueFrag came to light in February 2020, following a blogpost from the German tech company ERNW. The vulnerability affects Android Oreo 8.0 to 9.0 devices. Hackers can exploit the vulnerability using Bluetooth daemon privileges to steal personal data, spread a worm virus or silently execute arbitrary code on your smartphone. However, to take advantage of this vulnerability, they must be near your device and know the Bluetooth MAC address, which can sometimes be deduced from the Wi-Fi MAC address. Google swiftly released a patch for Google smartphones, such as the Pixel. Other Android devices may still be at risk, especially those that are no longer supported.

Corona-tracking apps using Bluetooth

Of course the corona virus is something that’s on everyone’s mind right now. As such, many governments and companies are thinking of ways to contain the corona virus using Bluetooth, through so called corona-tracking apps. In some countries, such as Singapore, Australia and India, these apps are already quite widely used.

Lots of people rightfully consider there might be privacy- and security risks to using Bluetooth this way. For instance, older devices that use a Bluetooth version older than Bluetooth 4.0 can still be tracked very easily by all sorts of parties. This is because their MAC-address (a unique address that virtually every device has) is transmitted constantly when Bluetooth is turned on. This is of course a great privacy risk.

There are also potential problems regarding cybersecurity. In 2017 a cybersecurity expert discovered a security flaw regarding the way mobile devices handled Bluetooth signals. Hackers have possibly exploited this vulnerability to “hop” from device to device to easily take over multiple devices.

Fortunately, this particular security issue has been resolved with patches from Google and Apple. However, it does show what could happen if we start using apps which require a constant Bluetooth connection on a large scale.

Furthermore, Eliot Bendinelli, from London-based nonprofit Privacy International has expressed concerns that cyberattacks in general could become more likely with the widespread usage of these apps. Since many will constantly have their Bluetooth turned on, cyber criminals will probably look for “creative” ways to launch cyber attacks at users through Bluetooth.

This just goes to show: Using Bluetooth technology might very well be invaluable for fighting the corona virus. At the same time, however, it poses significant privacy and security risks.

How do I use Bluetooth Safely? 

headset bluetoothWith these security risks in mind, it is important that you know how to use Bluetooth safely. Here are some tips to ensure that you do not have any unwanted surprises.

Security Updates

The best way to protect yourself is to update your system as soon as patches become available. After the BlueBorne vulnerability was discovered, for example, Google and Amazon released new updates that protect users against these types of attacks. Thus, the vulnerability was remedied fairly quickly. Simply downloading the latest update was all users had to do to protect themselves. That is why we always recommend to keep all your apps and systems up-to-date.

The Latest Version

As with security updates, it is also important to, if possible, choose devices that use the most recent Bluetooth version. Version 4.0, for example, disabled Bluetooth tracking. Recently released products automatically have the latest standard installed, i.e. version 5.0. Unfortunately, it is not possible to install a newer version of Bluetooth on an older device, so you will have to wait until you buy a new device.

Secure your Bluetooth Connection

To secure your Bluetooth connection, first set up your device to only connect with trusted devices. This can be done in your Bluetooth settings. This step will often foil any attempts to establish unwanted connections with new devices. Secondly, you can set up your device to require a pin code to establish a new connection. This makes it virtually impossible for someone to trick your phone into creating a new connection. You can also hide your device from others, making it undetectable. This ensures that your device is not susceptible to Bluesnarfing, Bluejacking, Bluebugging, and most of the other attacks.

Turn Bluetooth “On” and “Off”

Although the fact that Bluetooth devices automatically find other devices is a very useful feature, it also makes your devices prone to attacks. To save your phone’s battery and to better protect yourself from attacks, it is wise to only turn Bluetooth on when you actually need it. Many automation apps such as If This Then That or Tasker can be set up to automatically turn off your Bluetooth when you leave a location or disconnect from a device. Not only can this improve your security, but it will give a slight boost to your device’s battery life as well.

It’s Not Just Hackers You Need to Be Concerned About

Smartphone Location MarkerYou might think that hackers are the only threat you need to worry about with regards to people trying to use your Bluetooth in ways you don’t approve. Sadly, this just isn’t the case. Many apps, including popular apps from Facebook, Google and others, can use your device’s Bluetooth to constantly monitor your location.

When you turn off Bluetooth on your device, it stops transmitting, but it still recognizes Bluetooth signals near your device. App makers can use these Bluetooth signals to pinpoint your location. This means that app makers can trace your home and work addresses, your doctor, your favorite places to shop, and much more about your life. Bluetooth is a very accurate tracking signal. Many app makers do say in their privacy statement that they will use Bluetooth to help track your location, but as we all know, most people don’t actually read these statements in detail and are not aware of the risks.

You can protect your privacy by carefully reading the privacy statement to see if the apps you are using make use of Bluetooth to track your location. Because location tracking needs your permission, you can manually turn off this permission for apps. Note that even if location services and Bluetooth is turned off on your device, app makers can still track your location through Bluetooth if you do not manually turn off this permission for the app.

Tech journalist
Tove has been working for VPNoverview since 2017 as a journalist covering cybersecurity and privacy developments. Since 2019 she is VPNoverview.com's cybersecurity news coordinator.

More articles from the ‘Devices’ section

Comments
Leave a comment
4
Comments
  1. Thanks for this article. I have been looking for information about the safety of Bluetooth in Covid-19 tracking apps such as the one here in Australia. This article mentions Coronavirus tracking apps but then the advice on how to protect your security is incompatible with using such apps, ie. they require you to keep Bluetooth running so they can do Bluetooth handshakes with other users.

    I imagine there might be a few people searching for information about the safety of these apps and the “Bluetooth handshake” so I was wondering if you can give any more specific information regarding that feature and how to best protect your privacy while using the apps. Also whether so many people using it at the same time will provide an enticing environment for hackers* to develope ways to simulate or hijack the handshake.

    * “hackers” – I’m not sure if that’s specifically what they are called but I’m sure you get my drift anyway.

    • You’re right. With Coronavirus tracking apps, there’s a careful balance between privacy and safety that needs to be found. On the one hand, you don’t want the app’s owners to be able to track your every move and any possible hackers misusing the app, while on the other hand we want to use the app to keep the virus under control. If your app works with Bluetooth, many of the dangers and risks described in this article will be relevant. We’ll investigate this matter a little more and update our article with information and advice specific to Covid-29 tracking apps as soon as possible!

  2. Nice article, but on my phone (Sony Xperia X) there is no function to allow only trusted bluetooth devices.

    At least none that I can find. ☹️

    • This is not necessarily a function of your phone, but a way for yourself to ensure your safety. If you only connect to bluetooth devices that you know and trust, like your own headphones or a speaker, you will remain safer. The option to add a trusted bluetooth device to your phone can help you with this. If you’re connected to a device you trust, simply add it to your trusted list and you’ll be able to find it more quickly later. This should also be possibly on Sony Xperia X. Go to your settings, then ‘lock screen & security’, then ‘Smart Lock’. If you tap ‘Trusted devices’ here, you can add one for bluetooth. Good luck!

Leave a comment