Your Bluetooth connection is unsafe. Very unsafe. That’s the message from the largest hacker convention.
Bluetooth, which is a wireless technology for connecting everything from wireless earphones to car entertainment systems, is hacker heaven.
“People can track you with your Bluetooth devices. The problem is chronic with devices like headphones [and] fitness trackers,” noted Security Boulevard in a post entitled “Securing devices for DEFCON,” adding that many Bluetooth devices “seem to have gaping holes just waiting to be hacked.”
The recent KNOB attack, disclosed on Aug. 13, is an example of how unsafe Bluetooth connections can be. The “severe” vulnerability in the Bluetooth specification can allow an attacker to potentially change the content of nearby Bluetooth devices, according to a web page on the attack.
If you use your Bluetooth for music or audio, the danger is small, said Adam Kujawa, director of Malwarebytes Labs, to Fox News.
“When using Bluetooth for other things, like data transmission, calls … the likelihood that an attack could result in damage increases, but I don’t think this increases the likelihood of being attacked,” he said.
Most of the tools to do effective hacking are expensive, he said.
“In addition, the skills required to launch this kind of attack are at least in the intermediate area,” he said.
But Jake Kouns, chief information security officer at Risk Based Security, says that the big picture is less sanguine.
“The widespread use of Bluetooth means a single vulnerability can have a devastating impact on an ever-growing list of devices,” he said in an email to Fox News.
“Further compounding the problem, many Bluetooth-enabled consumer devices are not typically easy to update, and in some cases can’t be updated,” he said, making them forever vulnerable to attack.
But is it practical to turn off your Bluetooth every time after using it?
“Any time I hear the advice to turn off Bluetooth, it does feel a bit dirty on the surface as there should be a better option,” Kouns said.
“But realistically and unfortunately, in many cases turning off Bluetooth is the best suggestion,” he added.
One thing to keep in mind, Kouns said, is that many consumer devices only need to have Bluetooth enabled for one-time setup procedures. After that, Bluetooth can be turned off.
The issue is when a device needs to have a Bluetooth connection turned on all the time.
“Bluetooth headsets, fitness trackers and smartwatches are just a few examples that typically require Bluetooth to be turned on all the time to allow real-time data syncing, including receiving alerts and messages,” Kouns said.
Be aware of which devices are using Bluetooth, he noted. Often, consumers have no idea which devices are using Bluetooth and which are accessing confidential data, according to Kouns.
“The development of Bluetooth is focused on functionality and expansion of use rather than security,” Malwarebytes Labs’ Kujawa said.
But this will likely change going forward, he said.
An effort by Fox News to get a comment from the Bluetooth Special Interest Group, the trade association that oversees Bluetooth technology, was unsuccessful.
Founded in 1998, Bluetooth SIG encompasses more than 35,000 member companies, according to its website.
Fox News’ James Rogers contributed to this article.