Politico published a short piece about Kamala Harris’s hesitancy with Bluetooth devices. They considered this a bit amusing, perhaps considering her paranoid based on their tone. While the article’s content was light, it did discuss some important security concerns that any Jane Doe might care about. Besides Kamala Harris opting for wired headphones instead of AirPods, she would also defer to texting over email for certain communication, and set a policy for guests visiting her office to remain in the waiting area instead of in her office if she wasn’t present. That last point is something that often bothers me when watching a movie or TV show, as it seems standard to just let anyone into their office without consideration that maybe that office contains content considered private, such as semi-confidential papers sitting in an unlocked top drawer.
All of Kamala’s concerns began years ago when she was the attorney general of California, but it seems to be a habit she has upheld. We already discussed her office guest policy, but what about her preference for texting over email? This seems like a reasonable call. There are plenty of examples of politician’s email accounts getting hacked, so it doesn’t hurt to be cautious with your communication.
The main story, Kamala’s aversion to using Bluetooth, is grounded in several valid concerns about Bluetooth. It is an old technology that has been tied to numerous vulnerabilities. Obviously, every technology has had its fair share of vulnerabilities, but that doesn’t mean someone should take an apathetic stance against their personal security. This holds especially true for Kamala Harris or any other high-level politician. If Bluetooth is vulnerable, then why bother using it if the alternative is using corded headphones, a very minimal inconvenience.
Bluetooth’s threats are less well-known to the public, as exploiting a Bluetooth device requires close proximity. Depending on the version of Bluetooth, the range can be as little as 33ft (10.06 m), or as far as 1000ft (304.8 m). It is possible to extend the reach by using a long-range Bluetooth transmitter, but it is cost prohibitive to most. One example of a Bluetooth attack is BlueJacking, where the attacker can send unsolicited messages. This could result in annoying spam messages or malicious links arriving at your phone. More worrying is BlueSnarfing, an attack that allows for the extraction of data by connecting to the victim’s Bluetooth device without their knowledge. This attack isn’t necessarily easy to achieve nor is it widely exploitable with today’s patched devices, but it has been done before. US adversaries with extensive resources may have novel exploits up their sleeves that is yet known to the wider security community.
For the average person, leaving Bluetooth continuously on isn’t a poor decision, as actual exploitation remains rare. If you rarely used Bluetooth, it doesn’t hurt to turn off your connection.