How to Protect Your Organization from Bluetooth Hacking

In March 2021, residents of the English town Bournemouth received a warning about reports of bluebugging activities – a Bluetooth hacking technique that can be used to remotely control devices and access personal data stored on these devices.

In November 2020, a group of Belgian researchers found a Bluetooth vulnerability that made it possible to hack and steal the newest Tesla Model X .

You and your employees use Bluetooth-enabled technologies on a daily basis, be it by connecting a smartphone to a car’s system, using a wireless keyboard, or tracking fitness via a smartwatch. Unfortunately, Bluetooth vulnerabilities present yet another possible alley for hackers to use against personal or organizational devices and access a network.

What is Bluetooth technology and how does it work?

Bluetooth technology uses radio waves to send signals between different devices over short distances. Its frequency can range between 2-2.4 GHz. Devices pair to each other via a process that registers information from each device to ensure a secure link. Bluetooth can be used to either exchange information or use one device to control the other.

Although it is in the same frequency range as Wi-Fi, Bluetooth operates at much shorter distances and uses weaker signals (1-3mW).  

Types of Bluetooth technology

There are two types of Bluetooth technology – Bluetooth Classic and Bluetooth LE. Their usage depends on the application requirements and battery capacities of a device. 

1. Bluetooth Classic(Bluetooth Basic/Enhanced Data Rate or BR/EDR): This Bluetooth technology is used for connections that require a continuous uninterrupted flow of data or a transfer of large amounts of data. It’s used for wireless headphones, keyboards, printers, etc. 
2. Bluetooth LE (Low Energy): This type of technology requires less power to operate. It is dormant – in sleep mode – until a connection is initiated. It’s used for industrial monitoring sensors, medical equipment, control and automation systems, fitness watches, etc.

What are the vulnerabilities of Bluetooth-enabled devices?

As convenient as Bluetooth technologies can make the daily operations of offices and employees, they do have vulnerabilities that cybersecurity teams must take into consideration.

For example, research groups at the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University have identified a vulnerability between the Bluetooth versions 4.2 and 5.0 called BLURtooth, which affects the Cross-Transport Key Derivation (CTKD).

CTKD is a mechanism that makes the Bluetooth connection more user-friendly in devices that support both BR/EDR and LE connectivity. It allows the devices to pair once using either transport modes while providing long-term keys without having to pair a second time, therefore, providing a lower level of security.

Cybercriminals in proximity can exploit this vulnerability and overwrite the authentication key for the Bluetooth devices, which then grants them access to the compromised device and all data which is available on apps in the device that operate under Bluetooth as well.

EPFL researchers have discovered another vulnerability – BIAS (Bluetooth Impersonation AttackS An attacker targets the long-term key established between 2 paired trusted devices (for authorization of connection). An attacker, who knows one of the devices’ address, can request a connection by “forging the other end’s Bluetooth address, and vice versa, thus spoofing the identity and gaining full access to another device without actually possessing the long term pairing key that was used to establish a connection.”

Furthermore, a number of vulnerabilities have been discovered in LE-based devices by such large manufacturers as Samsung, FitBit, and Xiaomi. The flaw was identified in the way their software development kits used by many system-on-a-chip have been implemented in these devices. 12 vulnerabilities – collectively referred to as SweynTooth – have been discovered in total. Cybercriminals can use these vulnerabilities to crash devices, activate deadlocks, and even bypass security protocols that are otherwise only available to the authorized user of said device.  

Finally, security researchers at ENRW, have identified a vulnerability that affects the Android Bluetooth Subsystem called BlueFrag. It affects Android 8.0-9.0 and essentially only requires either a Bluetooth MAC address, which in some cases can be gathered from the Wi-Fi MAC address, for a cybercriminal to remotely and quietly execute arbitrary code, steal personal data, and spread malware.

How can Bluetooth hacking affect your organizational network?

The spread of IoT and the efficiency that Bluetooth technology offers means that organizational networks are major users of Bluetooth in their servers and devices. Unfortunately, this also means that they are at constant threat from cybercriminals who are looking to exploit any vulnerabilities and combine them with man-in-the-middle attacks, malware, session hijacking, ransomware, etc. This can lead to major security and data breaches.

How to protect your network from Bluetooth attacks

1. Technology is vulnerable to human errors.Employees should be taught about Bluetooth safety, its risks, and vulnerabilities. Strict Bluetooth guidelines should also be established for general and corporate safety. 
2. Employees should be trained to be mindful of their devices’ Bluetooth accessibility in public places. The feature should be switched off when not in use. 
3. Bluetooth pairing should only occur between trusted devices, using two-factor authentication whenever possible. The same goes for LE devices like Bluetooth headphones or hands-free headsets.
4. Make sure that your network and devices are protected by anti-malware and anti-virus software. Keep them up to date with the latest patches. 
5. Establish a centralized system that monitors all Bluetooth devices requesting access to the perimeter and manages their access.
6. Regularly audit your infrastructure and eliminate all unnecessary devices. After all, vigilance and early detection are key to minimizing risk.
7. Routinely check your systems, servers, and devices for any suspicious behavior or vulnerabilities, and address them immediately.