Bluetooth vulnerabilities expose devices to remote hacking risks
Bluetooth technology presents significant security risks, with cybercriminals capable of exploiting vulnerabilities from distances equivalent to a football field, according to NordVPN’s cybersecurity experts.
The rising prevalence of Bluetooth-enabled devices, projected to reach 7.5 billion shipments annually by 2028, amplifies these concerns.
Despite the typical 10-metre range of Bluetooth, hackers can launch attacks from up to 100 metres away. Marijus Briedis, CTO at NordVPN, warns that enabling “discoverable” mode opens devices to exploitation, allowing hackers to bypass security and access sensitive data or install malware.
“The dark side of Bluetooth lies in its weaknesses,” Briedis explains. “Once enabled, this setting opens the door for hackers to exploit vulnerabilities, bypass even the most advanced security measures, and gain access to sensitive personal data or install malicious software.”
“Bluebugging,” considered the most dangerous attack, grants hackers full device control, enabling them to make calls, send texts, and eavesdrop on conversations. While closer proximity increases the risk of severe attacks, “Bluesnarfing” and “Bluejacking” can occur from greater distances. Bluesnarfing involves data theft, while Bluejacking spams devices with unwanted messages or advertisements.
The Flipper Zero tool has also emerged as a concern, enabling short-range eavesdropping and device impersonation. Beyond smartphones and laptops, smart home devices and even cars are vulnerable. Hackers can exploit weak Bluetooth PINs in cars to eavesdrop on conversations and control vehicle functions.
To mitigate these risks, NordVPN recommends disabling Bluetooth when not in use, making devices undiscoverable, rejecting unfamiliar connection requests, setting strong passwords, monitoring data usage, and watching for suspicious activity. See full list below.
Marijus Briedis, Chief Technology Officer (CTO) at NordVPN, advises users to take the below steps to prevent Bluetooth attacks:
- Disable Bluetooth when not in use. Turning off Bluetooth when it’s not needed significantly reduces the risk of exposure. It’s also advisable to set your Bluetooth visibility to hidden.
- Make Bluetooth devices undiscoverable. Access your device’s Bluetooth settings to make it undiscoverable. This adjustment prevents hackers from seeing and attempting to pair with your device.
- Reject unfamiliar connection requests. To protect against potential attacks, avoid accepting Bluetooth connection requests from unknown sources, especially in public spaces. Additionally, always reject and delete messages from strangers and never click on links within them. These links could download malware onto your device, potentially leading to large-scale data theft.
- Set passwords for connections. Secure your Bluetooth connections with passwords to prevent unauthorised devices from connecting automatically.
- Monitor for sudden spikes in data usage. Keep an eye on your data consumption. If you notice an unreasonable surge, it could indicate that someone is controlling your device or using it as part of a botnet, significantly increasing data usage.
- Watch out for suspicious activity. If your phone unexpectedly disconnects calls or you find messages not sent by you, it might mean your device is compromised. Consider resetting your device to factory settings or uninstalling unfamiliar apps.
