• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Bluetooth Is Safe Enough For You

December 15, 2021 By Josh Stuifbergen

Politico published a short piece about Kamala Harris’s hesitancy with Bluetooth devices. They considered this a bit amusing, perhaps considering her paranoid based on their tone. While the article’s content was light, it did discuss some important security concerns that any Jane Doe might care about. Besides Kamala Harris opting for wired headphones instead of AirPods, she would also defer to texting over email for certain communication, and set a policy for guests visiting her office to remain in the waiting area instead of in her office if she wasn’t present. That last point is something that often bothers me when watching a movie or TV show, as it seems standard to just let anyone into their office without consideration that maybe that office contains content considered private, such as semi-confidential papers sitting in an unlocked top drawer.

All of Kamala’s concerns began years ago when she was the attorney general of California, but it seems to be a habit she has upheld. We already discussed her office guest policy, but what about her preference for texting over email? This seems like a reasonable call. There are plenty of examples of politician’s email accounts getting hacked, so it doesn’t hurt to be cautious with your communication.

The main story, Kamala’s aversion to using Bluetooth, is grounded in several valid concerns about Bluetooth. It is an old technology that has been tied to numerous vulnerabilities. Obviously, every technology has had its fair share of vulnerabilities, but that doesn’t mean someone should take an apathetic stance against their personal security. This holds especially true for Kamala Harris or any other high-level politician. If Bluetooth is vulnerable, then why bother using it if the alternative is using corded headphones, a very minimal inconvenience.

Bluetooth’s threats are less well-known to the public, as exploiting a Bluetooth device requires close proximity. Depending on the version of Bluetooth, the range can be as little as 33ft (10.06 m), or as far as 1000ft (304.8 m). It is possible to extend the reach by using a long-range Bluetooth transmitter, but it is cost prohibitive to most. One example of a Bluetooth attack is BlueJacking, where the attacker can send unsolicited messages. This could result in annoying spam messages or malicious links arriving at your phone.  More worrying is BlueSnarfing, an attack that allows for the extraction of data by connecting to the victim’s Bluetooth device without their knowledge. This attack isn’t necessarily easy to achieve nor is it widely exploitable with today’s patched devices, but it has been done before. US adversaries with extensive resources may have novel exploits up their sleeves that is yet known to the wider security community.

For the average person, leaving Bluetooth continuously on isn’t a poor decision, as actual exploitation remains rare. If you rarely used Bluetooth, it doesn’t hurt to turn off your connection.

Share This:

Related

Filed Under: Editorial Articles Tagged With: BlueJacking, BlueSnarfing, bluetooth

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • The RCE Vulnerability That Wasn’t
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • CISA Warns of Weaponized RMM Software
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • Report Roundup
  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use