Bluetooth left always ‘on’ leaves devices vulnerable to hackers and attacks that cause hearing loss

September 19, 2019 | 0 | Education and Training

You swore you’d never go back to using wired headphones, thanks to Bluetooth technology. 

Here’s why you may want to remain tethered to your device, or at least turn off the technology when it’s not being used.

Bluetooth, when left on, leaves the users of smart phones, computers, tablets and other devices that rely on the wireless technology vulnerable to a number of security and privacy issues – and even sonic attacks.

The first-line of defense is simply to shut off the technology when not in use, which detracts from its convenience, but provides some degree of safety. 

That’s exactly what attendees at the DefCon and Black Hat security conferences do, where they tweet each other reminders to flip the Bluetooth switch on their devices to ‘off.’

Bluetooth, when left on, leaves the users of smart phones, computers, tablets and other devices that rely on the wireless technology vulnerable to a number of security and privacy issues – and even sonic attacks

Attendees at the DefCon and Black Hat security conferences do tweet each other reminders to flip the Bluetooth switch on their devices to ‘off’

Hackers, counting on anyone who leaves their Bluetooth enabled, can glean data off security badges, some passports and even credit cards

Hackers, counting on attendees who leave their Bluetooth enabled, can glean data from security badges, some passports and even credit cards, reports PC Magazine.  

Devices that rely on Bluetooth can even be turned into sonic weapons that deliver ear-piercing sounds that can lead to hearing loss. 

Researcher Matt Wixey unveiled research at this year’s DefCon in Las Vegas that showed how a virus can exploit ‘known weaknesses’ in some devices with speakers to inflict harm.

The devices could be rigged to suddenly play ‘dangerous’ sounds, at either low or high, can damage hearing and leave a person disoriented, reports Mashable.

This may explain how American diplomats stationed in Havana, Cuba, came down with mysterious, unexplained inner-ear damage after hearing high-pitched sounds that cause them to experience dizziness, insomnia and difficulty concentrating starting in late 2016.

Devices can be rigged to suddenly play dangerous’ sounds. This may explain how American diplomats stationed in Havana, Cuba, came down with mysterious, unexplained inner-ear damage after hearing high-pitched sounds in 2016

The US government employees were pulled off the island nation as a result, with its Communist government denying any involvement. An investigation is ongoing. 

A ‘severe’ vulnerability in Bluetooth technology can also be exploited for surveillance, warn experts.

‘An attacker is able to the listen, or change the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired,’ say researchers who conducted a 2018 study and called the assault, ‘Key Negotiation of Bluetooth Attack,’ or KNOB.

‘Any standard-compliant Bluetooth device can be expected to be vulnerable,’ say the researchers on their website. 

They conducted KNOB attacks on more than 17 Bluetooth chips, by attacking 24 different devices manufactured by Broadcom, Qualcomm, Apple, Intel, and Chicony.

Apple was singled out for its ‘Air Drop’ feature by security researchers at Hexway, who found a flaw that could be manipulated by hackers to reveal a device user’s telephone

‘All devices that we tested were vulnerable to the KNOB attack,’ the researchers warned.

Apple — which prides itself on protecting customer privacy —  was singled out for its Air Drop feature by security researchers at Hexway, who found a flaw that could be manipulated by hackers to reveal a device user’s telephone. 

The vulnerability comes from Air Drop’s reliance on Bluetooth LE (Low Energy), which sets up a  WiFi network between devices for sharing pictures and other data.

Hexway discovered than an iPhone user’s phone number could end up in the information exchange. In some cases, an Apple ID and email address could also be compromised. 

Older iPhones, before the 6S model, did not appear to have the flaw, the researchers said, according to Mashable.

Bluetooth, originally developed by the mobile technology firm Ericsson, is increasingly used to connect mobile devices to fixed devices — from toasters to sex toys. 

The retailers selling such products have also relied on Bluetooth to keep tabs on customers and send targeted advertising, reports The New York Times.

Using ‘Bluetooth beacons,’ stores are learning more about customers and pushing notifications to their mobile devices that align with shopping habits.

The beacons are catching on in other public places, including shopping malls, subways, airports, gyms, sporting and concert venues, as well as in taxis and buses. 

Matt Lourens, a security engineering manager with Checkpoint software, tells USA Today that hackers in public places need to be close by to exploit Bluetooth technology, which is why he also suggests, “turn it off.’

Read More

Related Posts