Bluejacking: Using one Bluetooth-enabled device to hijack another and send phishing messages Bluesnarfing: Extracting information from a device through a Bluetooth connection Bluebugging: Using a Bluetooth connection to gain backdoor access to your device.

There are several things you can do to keep your Bluetooth-enabled devices safe from these types of attacks.

Install security patches and updates. Make your Bluetooth device not discoverable. Don’t share sensitive information via Bluetooth. Be careful who you connect with. Turn your Bluetooth off. Don’t pair devices in public. Unpair devices as needed.

Read our full article to find out more safety tips, learn how Bluetooth works, and compare the pros and cons of this convenient technology. As with any wireless system, your data could be seen by unintended recipients. It’s not only about people discovering which music you stream to your Bluetooth headphones, either. Bluetooth could expose a great deal of data from your mobile phone, laptop, or computer. Now is the time to get up to speed about all things Bluetooth: what it is, how it works, common Bluetooth attacks, and tips for maximizing Bluetooth security.

What is Bluetooth?

Bluetooth technology is a protocol for establishing a local network to exchange data wirelessly between nearby devices. In other words, with Bluetooth, you can share information between, for example, your phone and your headphones without needing a cable. Bluetooth is an open standard, meaning anyone can freely use the technology without a license. This is one of the main reasons why Bluetooth is so popular and is built into more and more devices every day. The technology was developed in the early nineties by Jaap Haartsen, who worked for Ericsson. Today, you can find almost everything with Bluetooth connectivity — from wireless headphones to speakers to the refrigerator in your kitchen. A majority of newly manufactured devices come with built-in Bluetooth functionality.

Types of Bluetooth

Back in the early 90s, no one would have imagined that Bluetooth would be as prevalent as it is today. At that time, it was developed to transmit data between “stupid” devices that were close to each other. Meaning, the technology was rather simple and insecure. The first Bluetooth-enabled phone didn’t hit the market until 2001. Bluetooth has had to evolve and catch up with modern technological advances. As a result, countless Bluetooth versions exist today. To make it easier, Bluetooth can be categorized into two kinds.

Bluetooth Classic

This is the most commonly used type of Bluetooth. This type is used to transmit high amounts of data over a long period. Think of your phone transmitting music to your wireless headphones or your gaming PC transmitting your actions to a wireless controller. In the process, it consumes a lot of power.

Bluetooth Low Energy

On the other hand, Bluetooth Low Energy (BLE) was invented as a variation of Bluetooth for low-energy devices. For example, FitBit devices that run on a small battery over a long period. Such devices periodically exchange small amounts of data. Otherwise, they go into sleep mode until a connection is initiated again thus saving energy. The most current version of Bluetooth is 5.2, and from 2023, much older versions will be scraped. New devices must use versions 4.2 and up.

How Does Bluetooth Work?

Bluetooth wirelessly connects different devices, such as your phone and your laptop. It eliminates the need for a USB cable when you want to exchange data between two devices. Bluetooth technology uses short-wavelength UHF radio waves to establish the connection, making it essentially a radio connection. Bluetooth operates at frequencies between 2.402 and 2.480 GHz.

Pairing Bluetooth devices

Bluetooth devices must be close to one another to be able to exchange information, usually within a distance of 10 meters (30 feet). Because the broadcast signals are very weak, they usually do not affect other devices operating at the same frequency. When you connect two Bluetooth-enabled devices for the first time, this is called pairing. You have to approve each new connection, which makes Bluetooth relatively secure. Once devices connect for the first time, the pairing is usually “remembered,” and future connections will happen automatically when both devices have Bluetooth activated and are near each other.

Sending data over Bluetooth

Although a Bluetooth connection is relatively weak, it remains effective enough for data transfer. The songs you listen to, for example, are sent instantly from your Spotify app to your headphones. It’s possible to connect up to eight devices on one network. However, only one device (the “master”) can send data. All the other devices in different locations in your home, for example, are “receivers/slaves.” To keep this connection stable, Bluetooth uses frequency hopping. This means the connection jumps between different frequencies within its range. There are 79 frequencies each Bluetooth network can choose from, so frequencies that are already being used by other devices, such as your garage door, can easily be avoided.

Is Bluetooth encrypted?

Yes. Since BLE 2.1, Bluetooth encryption is mandatory after devices have been paired. However, Bluetooth security and encryption standards are tricky due to the different types of Bluetooth available and the variety of devices that use it. For example, how two mobile phones pair and encrypt data via Bluetooth is different from how a phone connects to wireless earphones. In devices that have an input like a screen, the encryption works by using a “link key” to exchange encrypted data. For security reasons, the link key is not sent via the air to avoid it from being sniffed by a malicious third party. So how do authorized devices get this link key so they can start exchanging information? Two devices that are connecting for the first time will go through an initialization phase (pairing) that will “associate” them. The key is generated when the user enters identical PINs into both devices, which the devices use to generate their secret link keys.

How is Bluetooth Used?

Bluetooth has become a ubiquitous part of our daily lives. We use Bluetooth technology every day in a variety of ways, often without even thinking about it.

The Pros and Cons of Bluetooth

Bluetooth offers many advantages, but there are drawbacks, too. We discuss both below.

Pros of using Bluetooth

Bluetooth lets you connect to multiple devices and send files or play music with a few clicks.

Wireless: You can use headphones without annoying cord tangles. Your printer, mouse, and keyboard don’t need cables, keeping your desktop uncluttered. Automatic & easy: You only have to enable Bluetooth on both devices for them to be able to “find” each other. Once paired, all future connections happen automatically. Compatible: Bluetooth can connect devices of all kinds, regardless of operating system or manufacturer. Multiple devices: A Bluetooth network can connect up to eight devices, with one being the “master” that controls all other connected devices. Secure connection: Because you must approve connections that are not already part of your network and Bluetooth only works at short distances, it is difficult (but not impossible) to intercept the signal.

Cons of using Bluetooth

If left unsupervised, your Bluetooth connection can drain your battery and open your device to attacks.

Battery drainer: Despite relatively low energy consumption needs, you still have to charge Bluetooth devices frequently. If your smartphone has Bluetooth enabled, the battery drains faster. Health concerns: Although no direct link has been found, there are questions about the relationship between Bluetooth radiation and health issues like dizziness, sleeping problems, anxiety, depression, and even brain tumors. Easy to find: Bluetooth technology easily finds nearby devices. This advantage is also a potential risk. Hackers can see which devices are nearby and attack. This is a risk in public spaces, like airports, trains, and cafés. Short range: To work reliably, your Bluetooth-enabled devices must be within about 10 meters of each other. This limitation makes Bluetooth a poor choice for some wireless applications. Slow data transfers: Wireless technology has limits on how fast it can transmit data. While the latest versions of Bluetooth are much faster than their predecessors, they are still no match speed-wise to other technologies like Wi-Fi and USB.

Can Bluetooth Be Hacked?

No wireless technology is 100 percent safe, and Bluetooth is no exception. So how secure is Bluetooth? Unfortunately, your Bluetooth connection can be hacked. There are three common ways criminals go about Bluetooth hacking: bluejacking attack, bluesnarfing, and bluebugging.

Bluejacking

This type of cyber attack involves one Bluetooth-enabled device hijacking another and sending spam messages to the hijacked device. Mostly it is an annoyance, but if a recipient falls for such a phishing attempt and clicks on a link in one of these spam messages, bigger issues can arise. The link often takes you to a website where your personal information is stolen or malware is installed on your device.

Bluesnarfing

A bluesnarfing attack is similar to bluejacking but more sinister. Where bluejacking only sends information to your device, bluesnarfing also extracts information from your device. Data like text messages, photos, emails, and even the identifying information your device sends to your ISP can all be stolen. Most Bluetooth hackers will use this information for a variety of purposes, none of them good.

Bluebugging

In this type of Bluetooth hacking, hackers establish a surreptitious Bluetooth connection with your phone or laptop. They then use this connection to gain backdoor access to your device. Once in, they can spy on your activity, access your sensitive information, and even use your device to impersonate you on any apps on your device, including the apps you use for online banking. This kind of attack is called bluebugging because it resembles the way one might bug a phone. Once control over the phone is established, cybercriminals can use it to call themselves and listen in on conversations.

Examples of Bluetooth Attacks

No device is immune from Bluetooth security risks. There are plenty of examples of cybercriminals hacking Bluetooth. Although most of these vulnerabilities were patched in time, it shows that Bluetooth hacking is possible. As such, it’s incredibly important to incorporate proactive measures into your online security routine.

BlueBorne Attack (2017)

In 2017 the well-known BlueBorne attack showed that hacking Bluetooth technology was possible without the attacker being paired to the device. Devices could be infected even when they were in non-discoverable mode. Once hacked, the device could be fully controlled by the hacker, then used to access networks and steal data, initiate ransomware demands, and spread malware to other nearby devices. Virtually any Bluetooth-enabled device was susceptible to a BlueBorne attack. The vulnerability was patched in 2017 by Google (Android), Windows, iOS, and Linux for their respective devices.

BlueFrag Leak (2020)

In 2020, ERNW discovered that on Android 8.0 to 9.0, an attacker in proximity to the targeted device could silently execute arbitrary code on the phone through Bluetooth as long as it was enabled. The vulnerability allowed hackers to steal personal data or spread a worm virus. The issue was patched in a security update by Google in February 2020.

Bluewave Zero-Click Bugs (2020)

In 2020, a collection of security vulnerabilities in Apple’s macOS Bluetooth system allowed hackers to take over devices through Bluewave Zero-Click Bugs. This means they were able to compromise a device even if the user didn’t open a malicious link or attachment and even without contact with the device. Apple released a security patch in 2020 and awarded the research team an award of $75,000 for discovering and reporting the vulnerabilities.

BleedingTooth (2020)

In 2020, a researcher at Google discovered a set of Zero-Click vulnerabilities in the Linux Bluetooth subsystem called BlueZ. The vulnerability allowed a malicious actor in close proximity to execute arbitrary code with kernel privileges on vulnerable devices. Essentially taking over the device without the user’s knowledge. The Google researcher informed both BlueZ and the Linux Bluetooth Subsystem maintainers (Intel). Who later released security patches and integrated them into the Linux Kernel.

Bluetooth Privacy Concerns

Many apps, including popular ones from Facebook, Google, and others, use your device’s Bluetooth functionality to monitor your location. Furthermore, smart devices such as fitness trackers or Bluetooth speakers that use Bluetooth to communicate with mobile apps can be hacked and the attacker can “listen in” or collect data.

Your location can be tracked using Bluetooth

When you turn off Bluetooth on your device’s settings, it stops transmitting but still recognizes nearby Bluetooth signals. App makers use these Bluetooth signals to pinpoint your location. This means that app makers can track you anywhere you go and maintain data about your daily movements (if you carry your device with you). The scariest bit is that Bluetooth allows for very accurate tracking. Many app makers state in their privacy statements that they use Bluetooth to track your location, but as we all know, most people don’t read these statements in detail. As such, most everyday consumers are not aware of the risks. You can protect your privacy by carefully reading the privacy statement to see if the apps you install make use of Bluetooth to track your location. Because location tracking needs your permission, you can manually turn off this permission for those apps.

Your Bluetooth devices can be fingerprinted

In 2019, a security team from Ohio State University discovered there was an inherent flaw in mobile apps that work with Bluetooth. The flaw leaves the devices vulnerable both during the pairing procedure and when they are operating. The problem lies in how Bluetooth Low Energy devices communicate with the mobile apps that control them. A Bluetooth speaker, for example, communicates with the app on your mobile phone by broadcasting a universally unique identifier (UUID). The UUID that allows your mobile app and the Bluetooth speaker to talk, is embedded in the mobile app code. Otherwise, your mobile app wouldn’t be recognizable to the Bluetooth speaker. However, embedding the UUIDs in the mobile app makes them susceptible to a fingerprint attack. So in cases where encryption is not used or is used improperly, threat actors would be able to connect to your devices using its UUID and “snoop in” on your conversations. In the end, however, the Ohio State University researchers discovered that the vulnerabilities were easy to fix and made recommendations to app developers and industry groups.

How to Tell if Your Bluetooth is Hacked

Most Bluetooth security attacks are subtle and give the attacker access to a device without the knowledge of the user. However, there are some telltale signs a user can look out for to determine if their Bluetooth has been hacked. By following these steps on how to prevent Bluetooth hacking, you can protect your devices from snooping cybercriminals. NOTE: The signs below could be caused by other issues besides hacking, such as misconfigured apps, faulty hardware, and much more.

1. Device becomes slow

In some cases, when a threat actor gains a foothold into your device through Bluetooth hacking, they may install malicious software (malware). The objective of the malware could vary. In most cases, its purpose is to steal your data and transmit it to a remote server. Malware has to be constantly running and transmitting data in the background for this to be successful. Which requires a lot of resources hence slowing down your phone, at times considerably.

2. Battery drains quickly

If you notice a sudden spike in how fast your battery drains, check to see if it’s not a malfunctioning battery or a misconfigured legitimate app consuming the resources. In the case of the former, replace the battery if it’s removable, otherwise consult with the appropriate technician. For the latter, uninstall any apps in your phone’s app Settings that are consuming way more resources than they should. If both of these actions don’t lead to a change, it’s time to consider you may be infected with malware. Today, attackers install all sorts of malware from adware, cryptocurrency miners, to mobile spyware.

3. High data consumption

Once your Bluetooth is hacked, the next step is for the attacker to establish a connection between your phone and an external server. This connection can be used to transfer your files such as contact lists, email addresses, passwords, and other sensitive data. To do this requires high data usage. If you notice a big jump in your data consumption it could be an indication that something else might be going on under the hood. In summary, malware has become harder to detect. On most mobile devices, harmful software such as spyware does not appear on the app list in Settings, making it difficult for normal users to find it. We recommend using an antivirus program to thoroughly scan your phone and root out any malware.

How to Use Bluetooth Safely

With these security and privacy risks in mind, it’s important to know how to create a safe Bluetooth environment. Here are some tips on how to secure Bluetooth devices:

1. Install security patches and updates

Keeping all your apps and systems up-to-date is a very easy way to stay protected.

2. Make your Bluetooth device not discoverable

The most common Bluetooth attacks involve hackers targeting Bluetooth devices that are nearby and discoverable. Make it harder for hackers to zero in on your device by setting Bluetooth to “not discoverable.” How you do this depends on the device.

3. Don’t share sensitive information via Bluetooth

Considering the relative vulnerability of Bluetooth, it’s good practice to avoid sending sensitive information via your wireless connection. If you need to send private photos, passwords, login information, or the like, use a more secure means to transmit that data.

4. Be careful who you connect with

Keep your Bluetooth secure by not accepting Bluetooth connection requests from unknown sources. Hackers might send out these requests in the hopes that someone gives them access.

If you aren’t sure who is asking to pair with your device and for what reason, decline or ignore the request.

5. Turn Bluetooth off

Although the fact that Bluetooth devices automatically find other devices is a very useful feature, it also makes your devices prone to attacks. To save your phone’s battery and better protect yourself against attacks, it’s wise to turn Bluetooth off until you need it. This is especially true when you’re in public areas, like airports, train stations, and restaurants. If you’re concerned that you won’t remember to turn Bluetooth on and off, don’t worry. There’s an app for that. Many automation apps such as If This Then That and Tasker can be set up to automatically turn off your Bluetooth when you leave a location or disconnect from a device. Not only will this help keep your Bluetooth secure from hackers, but it will also give a slight boost to your device’s battery life.

6. Don’t pair in public

When you do want to establish a connection with a known device, try to pair the two for the first time in a secure location. Resist the temptation to immediately pair that new set of Bluetooth headsets outside the store where you bought them. Wait until you get home or back to your office. Using this strategy, you can better control the discoverability of your Bluetooth device, since, after the initial pairing, you won’t have to make your Bluetooth device discoverable to connect with your new wireless headsets.

7. Unpair as needed

Get in the habit of deleting any old Bluetooth pairings you no longer need or use. You can find your current pairings in the Bluetooth settings on your device. While most pairings are probably harmless, like that AirBnB speaker you connected to last year, having unused pairings on your device exposes you to unnecessary risk, even if the threat is small.

How to Make Bluetooth Undiscoverable

Making your Bluetooth connection undetectable is one way to keep your device safe. Here’s how you can toggle “not discoverable” on your devices.

Make Bluetooth not discoverable on Android

If you’re using Android, here’s how you can hide your Bluetooth device from others:

This will make your device invisible to other unpaired Bluetooth devices. Any previous pairings will remain accessible.

Make Bluetooth not discoverable on iPhone

According to Apple, the only time your iPhone’s Bluetooth is discoverable is when you have the Settings > Bluetooth screen active. Once you exit Settings, your device is no longer discoverable or available for new pairings.

Make Bluetooth not discoverable on Windows 10

To keep your Windows 10 Bluetooth hidden from other devices, do the following:

Previously paired devices will still be able to connect to your computer, even with discoverability turned off.

Make Bluetooth not discoverable on Macbook or iMac

Unlike iPhones, your Macbook or iMac lets you toggle the discoverability of Bluetooth. Here’s how:

You can always verify the status of your Mac’s discoverability by going to Option and clicking on the Bluetooth icon in the top menu bar.

Will a VPN Make Bluetooth Secure?

One question we often get is whether a virtual private network (VPN) can be used to make your Bluetooth secure. Although a VPN is one of the best ways to ensure your overall online security, it won’t directly protect you against the threat of Bluetooth hackers. VPNs keep you safe when accessing the internet on public Wi-Fi (like when you’re on the train or in a café), cloak your actual location, and encrypt the data you send online. These strategies all keep you safe from prying eyes. As such, we recommend that all our readers use a VPN when they can. Just keep in mind that a VPN won’t keep you safe from attacks via Bluetooth.

Will Antivirus Software Keep Bluetooth Safe?

Another question that security-minded people often ask is whether an antivirus program will keep their Bluetooth secure. While an antivirus program should be an essential part of your overall online security, it cannot stop a cybercriminal from hacking your Bluetooth. However, what the antivirus will do is keep you safe from the malware often installed as part of a Bluetooth hack. To learn more about what antivirus software does and which we consider the best, read our review of the top antivirus software of this moment. If you want immediate protection, we suggest Kaspersky. They offer a variety of plans with different levels of protection and their software is very easy to install and use. Kaspersky will be able to protect a lot of the malware Bluetooth hackers might infect your device with.

Final Thoughts

Bluetooth has made our lives a lot easier. We listen to our favorite music without getting tangled up in pesky cords. Our wireless keyboard and mouse keep our workspace uncluttered. Driving our vehicles is safer with a multitude of hands-free options. While this helpful technology doesn’t come without security risks, you can easily create a secure Bluetooth environment by taking the following precautions.

Install security patches and updates. Make your Bluetooth device not discoverable. Don’t share sensitive information via Bluetooth. Be careful who you connect with. Turn your Bluetooth off. Don’t pair devices in public. Unpair devices as needed.

By incorporating a few common-sense strategies into your routine, you can enjoy Bluetooth more and worry less about what nearby hackers might be up to. To enhance your security measures further, you should use a VPN and an effective antivirus.

Turn off Bluetooth when you’re not using it. Set your Bluetooth to not discoverable. Install system updates and patches whenever they are issued. Be mindful of which devices you pair with.

To find out more about Bluetooth security risks and other ways you can stay safe while using this convenient technology, read our full Bluetooth guide. The best strategy is to get in the habit of turning off Bluetooth whenever you’re not using it. If you have trouble remembering to do so throughout the day, there are a number of apps out there that will do it for you.

iPhone: automatically hides your Bluetooth connection anytime the Bluetooth settings screen isn’t actively open Android, Mac, and Windows: turn on the hidden mode in your Bluetooth settings

Read our full article on Bluetooth safety for step-by-step instructions on how to do this for each device.

How Secure is Bluetooth A Full Guide to Bluetooth Safety - 39How Secure is Bluetooth A Full Guide to Bluetooth Safety - 98How Secure is Bluetooth A Full Guide to Bluetooth Safety - 80How Secure is Bluetooth A Full Guide to Bluetooth Safety - 75How Secure is Bluetooth A Full Guide to Bluetooth Safety - 7How Secure is Bluetooth A Full Guide to Bluetooth Safety - 21How Secure is Bluetooth A Full Guide to Bluetooth Safety - 22How Secure is Bluetooth A Full Guide to Bluetooth Safety - 9How Secure is Bluetooth A Full Guide to Bluetooth Safety - 58How Secure is Bluetooth A Full Guide to Bluetooth Safety - 44How Secure is Bluetooth A Full Guide to Bluetooth Safety - 77How Secure is Bluetooth A Full Guide to Bluetooth Safety - 73How Secure is Bluetooth A Full Guide to Bluetooth Safety - 36How Secure is Bluetooth A Full Guide to Bluetooth Safety - 49How Secure is Bluetooth A Full Guide to Bluetooth Safety - 69How Secure is Bluetooth A Full Guide to Bluetooth Safety - 25How Secure is Bluetooth A Full Guide to Bluetooth Safety - 1How Secure is Bluetooth A Full Guide to Bluetooth Safety - 51How Secure is Bluetooth A Full Guide to Bluetooth Safety - 30How Secure is Bluetooth A Full Guide to Bluetooth Safety - 89How Secure is Bluetooth A Full Guide to Bluetooth Safety - 62How Secure is Bluetooth A Full Guide to Bluetooth Safety - 95How Secure is Bluetooth A Full Guide to Bluetooth Safety - 26How Secure is Bluetooth A Full Guide to Bluetooth Safety - 59How Secure is Bluetooth A Full Guide to Bluetooth Safety - 37How Secure is Bluetooth A Full Guide to Bluetooth Safety - 2How Secure is Bluetooth A Full Guide to Bluetooth Safety - 19How Secure is Bluetooth A Full Guide to Bluetooth Safety - 47