Using Bluetooth to connect devices to your laptop is convenient but also risky. Discover what those risks are and how to minimize them.
Many laptops come with Bluetooth connectivity. Thanks to this wireless technology, you can easily connect a keyboard, mouse, headset, or other peripheral to your laptop. You can even use it to send files to a printer or share data between your laptop and other devices, such as your smartphone or a coworker’s computer.
There is a downside to using Bluetooth connections, though. They can be risky to use.
The Dangers
With names like bluejacking, bluesnarfing, and bluebugging, it is easy to see that hackers have been busy attacking victims via Bluetooth connections. Cybercriminals like to hack Bluetooth connections in order to send unwanted messages (bluejacking), steal data (bluesnarfing), or take control of devices (bluebugging).
These types of attacks are fairly easy to carry out, thanks to the security vulnerabilities often found in devices that use Bluetooth. While the Bluetooth implementation in laptops often have adequate safeguards, other types of Bluetooth-enabled devices often do not. Many manufacturers are creating Bluetooth-enabled devices without any serious thought about securing those connections. The lack of safeguards is largely due to the lack of regulations in this area.
A security vulnerability (CVE-2019-9506) was even discovered in the Bluetooth specification itself in August 2019. The flaw enables hackers to force a nearby Bluetooth device to use weaker encryption when it connects, making it easier for them to crack the password used to secure the connection. The vulnerability has been patched in the Bluetooth specification, according to the CERT Coordination Center. However, it is up to the Bluetooth host and controller suppliers to patch their products and send the updates to the device manufacturers (and other vendors) using the products. The device manufacturers are ultimately responsible for getting the patches to device users.
How to Minimize the Risks
Hackers need to be in fairly close proximity — within 300 feet for a Class 1 Bluetooth device and 30 feet for a Class 2 device — to hack a Bluetooth connection. Even with this limitation, connecting Bluetooth-enabled devices to your laptop can be risky. Fortunately, you can minimize the risks by taking a few precautions:
- Turn Bluetooth off on your laptop when you are not using it. This makes it impossible for hackers to access your laptop via Bluetooth. Plus, it helps save battery power.
- Turn off the “discoverable” or “pairing” mode on a Bluetooth-enabled device when you are done pairing it with your laptop. Turning off this mode makes it harder (but not impossible) for a hacker to access your Bluetooth connection. Check with the manufacturer if you are unsure of how to turn off this mode on the device. (Note that some devices automatically turn off this mode when the pairing process is complete.)
- Make sure the Bluetooth-enabled device uses authentication when pairing. If you have a device that does not require a passcode (or if the passcode is 0000), you should replace it with one that uses authentication.
- Do not use Bluetooth devices that rely on outdated versions of the Bluetooth specification. They will likely have unpatched security vulnerabilities, making the Bluetooth connection more vulnerable.
Keep the firmware and software on your laptop and Bluetooth devices updated. If updates are not available for a device, it might be time to replace it.
employees working credit to https://1dayreview.com flickr photo by 1DayReview shared under a Creative Commons (BY) license
Today’s guest post is by a friend and professional peer of mine, Tony Chiappetta, owner of CHIPS.
CHIPS is a Technology Success Provider located in Shoreview, MN near the intersection of Highway 96 and Lexington. Since 2001, CHIPS has been working with businesses to help them get the most from their technology investment.
Tony has been around technology all his life and holds numerous industry certifications. With the completion of both a Law Enforcement and a Business Management Degree, Tony brings a business perspective to the technology landscape. This has allowed CHIPS to lead the industry by bringing enterprise solutions down to the Small Business sector.
CHIPS has received many industry awards and accredations however, Tony is most proud that his team has been asked to help secure the Critical Infrastructure of the Twin Cities by bringing to market a proven technology that was previously only available to Federal Government Agencies.
You can follow CHIPS via Social Media and stay connected with their blog.
Share
FEB
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com