Using Bluetooth to connect devices to your laptop is convenient but also risky. Discover what those risks are and how to minimize them.
Many laptops come with Bluetooth connectivity. Thanks to this wireless technology, you can easily connect a keyboard, mouse, headset, or other peripheral to your laptop. You can even use it to send files to a printer or share data between your laptop and other devices, such as your smartphone or a coworker’s computer.
There is a downside to using Bluetooth connections, though. They can be risky to use.
With names like bluejacking, bluesnarfing, and bluebugging, it is easy to see that hackers have been busy attacking victims via Bluetooth connections. Cybercriminals like to hack Bluetooth connections in order to send unwanted messages (bluejacking), steal data (bluesnarfing), or take control of devices (bluebugging).
These types of attacks are fairly easy to carry out, thanks to the security vulnerabilities often found in devices that use Bluetooth. While the Bluetooth implementation in laptops often have adequate safeguards, other types of Bluetooth-enabled devices often do not. Many manufacturers are creating Bluetooth-enabled devices without any serious thought about securing those connections. The lack of safeguards is largely due to the lack of regulations in this area.
A security vulnerability (CVE-2019-9506) was even discovered in the Bluetooth specification itself in August 2019. The flaw enables hackers to force a nearby Bluetooth device to use weaker encryption when it connects, making it easier for them to crack the password used to secure the connection. The vulnerability has been patched in the Bluetooth specification, according to the CERT Coordination Center. However, it is up to the Bluetooth host and controller suppliers to patch their products and send the updates to the device manufacturers (and other vendors) using the products. The device manufacturers are ultimately responsible for getting the patches to device users.
How to Minimize the Risks
Hackers need to be in fairly close proximity — within 300 feet for a Class 1 Bluetooth device and 30 feet for a Class 2 device — to hack a Bluetooth connection. Even with this limitation, connecting Bluetooth-enabled devices to your laptop can be risky. Fortunately, you can minimize the risks by taking a few precautions:
- Turn Bluetooth off on your laptop when you are not using it. This makes it impossible for hackers to access your laptop via Bluetooth. Plus, it helps save battery power.
- Turn off the “discoverable” or “pairing” mode on a Bluetooth-enabled device when you are done pairing it with your laptop. Turning off this mode makes it harder (but not impossible) for a hacker to access your Bluetooth connection. Check with the manufacturer if you are unsure of how to turn off this mode on the device. (Note that some devices automatically turn off this mode when the pairing process is complete.)
- Make sure the Bluetooth-enabled device uses authentication when pairing. If you have a device that does not require a passcode (or if the passcode is 0000), you should replace it with one that uses authentication.
- Do not use Bluetooth devices that rely on outdated versions of the Bluetooth specification. They will likely have unpatched security vulnerabilities, making the Bluetooth connection more vulnerable.
Keep the firmware and software on your laptop and Bluetooth devices updated. If updates are not available for a device, it might be time to replace it.