Many laptops and other mobile devices come with Bluetooth connectivity. Thanks to this wireless technology, you can easily connect a keyboard, mouse, headset, or other peripheral. You can even use it to send files to a printer or share data.
However, there is a downside to using Bluetooth connections. They can be risky to use.
With names like bluejacking, bluesnarfing, and bluebugging, it is easy to see that hackers have been busy attacking victims via Bluetooth connections. Cybercriminals like to hack Bluetooth connections in order to send unwanted messages (bluejacking), steal data (bluesnarfing), or take control of devices (bluebugging).
These types of attacks are fairly easy to carry out, thanks to the security vulnerabilities often found in devices that use Bluetooth. While the Bluetooth implementation in laptops often have adequate safeguards, other types of Bluetooth-enabled devices often do not. Many manufacturers are creating Bluetooth-enabled devices without any serious thought about securing those connections. The lack of safeguards is largely due to the lack of regulations in this area.
A security vulnerability (CVE-2019-9506) was even discovered in the Bluetooth specification itself in August 2019. The flaw enables hackers to force a nearby Bluetooth device to use weaker encryption when it connects, making it easier for them to crack the password used to secure the connection. The vulnerability has been patched in the Bluetooth specification, according to the CERT Coordination Center. However, it is up to the Bluetooth host and controller suppliers to patch their products and send the updates to the device manufacturers (and other vendors) using the products. The device manufacturers are ultimately responsible for getting the patches to device users.
How to Minimize the Risks
Hackers need to be in fairly close proximity — within 300 feet for a Class 1 Bluetooth device and 30 feet for a Class 2 device — to hack a Bluetooth connection. Even with this limitation, connecting Bluetooth-enabled devices to your laptop can be risky. Fortunately, you can minimize the risks by taking a few precautions:
Talk to our I.T. Managed Services team to help keep your business’ fleet of I.T. hardware protected with automated patching and updates.
If updates are not available for a device, it might be time to replace it. Our I.T. Procurement team can help you source the right fit I.T. for your business.