The habit of keep Bluetooth always active on your smartphone (and, more generally, a device) certainly makes it convenient to connect to wireless accessories, such as headphones, smartwatches and car infotainment systems. At the same time, however, this practice can be potentially dangerous. The same one NSA (National Security Agency), in a briefing paper published in 2021, suggests Turn off Bluetooth when not in use. This is because Bluetooth, while reliable and secure, remains a possible attack vector. To avoid alarmism, however, let’s clarify one thing right away: the threats we will tell you about (the Bluejacking and the Bluesnarfing) mainly affect obsolete devices or those with insecure configurations or outdated software. On modern smartphones, equipped with cutting-edge operating systems and advanced Bluetooth protocols, the risk of real attacks is usually lower. That said, let’s see what are the risks associated with Bluetooth and how to mitigate them.
Bluejacking and Bluesnarfing: two insidious ones Bluetooth-based cyber traps
Let’s delve into the analysis of the threats that loom over our daily devices and start from the phenomenon known as Bluejacking. Although it is often considered the least risk since it consists primarily in sending unsolicited messages or advertising material using the “visible” mode of our Bluetooth, we must not underestimate its danger as a possible vector for phishing: an attacker could trick us into clicking on malicious links disguised as harmless communications, leading us to download harmful content. It is important to eliminate the risk Turn off Bluetooth when not in use.
Much more insidious for our privacy is the Bluesnarfinga technique that allows unauthorized third parties to silently connect to your device and copy sensitive data and information, including contacts, email addresses, calendars, and personal files; unlike the annoyance caused by Bluejacking, here we are faced with a real theft of information. Regarding this hacking technique, the security experts of McAfeethey explain:
The threat involves gaining unauthorized access to information on the Bluetooth device and exploiting vulnerabilities in the protocol. These flaws can occur due to improper device configurations, outdated software, or weak encryption protocols. (…) The scary thing is that often the victim is unaware of this unauthorized access.
How to defend yourself from Bluetooth-based cyber attacks
Having established that Bluetooth can, at least potentially, be an attack vector, let’s see 6 tips for defending yourself.
- Limit Bluetooth activation to what is strictly necessary: the first safety step is to activate the wireless module only when we actually need to connect an accessory, such as earphones. By turning it off when not needed, we instantly become invisible to the scanning software used by attackers to identify potential targets.
- Obscure device visibility: if we need to keep Bluetooth turned on, we must make sure that the “discoverability” function is disabled in the settings. This allows us to maintain the connection with our already saved devices, while preventing nearby strangers from seeing our device in the list of available ones. To do this on Androidyou have to go to the Bluetooth settingstouch the three dots, select the item Other settings and then disable the option Visible to other devices (wordings and steps may vary depending on the version of Android in use); on iPhoneHowever, since the device is only discoverable when you are in the pairing screen, it is sufficient to exit the settings screen to make the “iPhone” invisible to other devices present nearby. And about AirDrop on iPhone, remember to enable the option All for 10 minutes only when actually necessary.
- Choose carefully where to pair: it is best to avoid configuring new connections (the so-called pairing) while we are in crowded or public places, such as stations or shopping centres. In these contexts, an attacker could monitor frequencies waiting to intercept the initial data exchange. It is always preferable to carry out these operations within the walls of your home or office.
- Block any unsolicited requests: if a pop-up suddenly appears on the smartphone screen requesting pairing with a device we don’t know, you must refuse the request without hesitation. Ignoring or canceling these suspicious requests is the first line of defense against unauthorized access attempts.
- Keep the system always updated: Manufacturers constantly release patches to fix security flaws discovered in Bluetooth protocols. Regularly installing the latest operating system and firmware updates for our accessories is the only way to be protected from the latest threats.
- Clean up saved links: a good “digital hygiene” rule is to periodically review the list of associated devices and eliminate those that we no longer use or that we have connected in temporary situations. This prevents devices from automatically reconnecting to systems we no longer have full control of.