How Bluetooth can be an attack gateway

How Bluetooth can be an attack gateway
(Image credit: Pixabay)

Recent data indicates there are 26.6 billion IoT devices currently in use in 2019 and this figure is set to rise significantly to 75 billion by 2025. While these IoT devices offer a range of benefits, contributing to more intelligent enterprises, they also create new security risks that work around antivirus protections.

For instance, one threat which is often overlooked is Bluetooth. While most people think of Bluetooth as a harmless technology that facilitates wireless connections between devices, it can actually create significant security risks when not managed properly, especially when users forget to add in authentication measures.

About the author

John Stock is the product manager at Outpost24.

Connectivity comes with risk

Initially developed in 1998, Bluetooth is a wireless communication protocol that connects devices together. Whether using the latest wireless headphones, connecting phones to car handsfree systems or transferring files to colleagues, Bluetooth has proven to be a convenient tool in this wireless age. So much so, it has now established itself as standard technology, built within nearly every device or computer system on the market. However, like any piece of tech, convenience exposes vulnerabilities and security risks, causing endless headaches for the modern security professional.

Sophisticated hackers with sinister intent have exploited several Bluetooth flaws to steal data or install malware, whether that be via Bluetooth chips, targeting mobile devices or even navigating through car entertainment systems. Some of the most high-profile Bluetooth attacks include:

  • BlueBorne - a zero-day vulnerability that allowed a hacker to take over a device and carryout man-in-the-middle attacks to extract information. First discovered by security researchers in September 2017, BlueBorne was found to have infected an estimated five billion mobile devices, IoT units and PCs. Labelled as an airborne attack, BlueBorne didn’t rely on the Internet to travel, instead spreading from device to device via Bluetooth. What’s worse, it didn’t need the devices to have been previously synced. If the Bluetooth was on or enabled, it allowed the hacker to leach to the device and infiltrate the system. This stealthy approach means the victim would be unaware that their device had been infected.
  • Bluetooth Low Energy Jamming - Bluetooth Low Energy (BLE) is a condensed version of the Bluetooth protocol tailored for IoT devices. While it offers limited computing and power resources, it still opens a channel for communication. However, at DefCon 2018, security researchers disclosed BLE jamming, a new threat with the potential to allow cybercriminals to jam and takeover any BLE device within a certain radius. It is one of the reasons that experts at most security conferences advise attendees to disable Bluetooth in an effort to prevent a malicious attack. In fact, for those attending any security conference, its advisable to disable all forms of wireless connection, and if essential, ensure you use devices you can reset after leaving.
  • Bleedingbit – discovered by the same security researchers who uncovered BlueBorne, Bleedingbit can impact businesses around the world. Manifesting as a pair of zero-day vulnerabilities located within BLE chips, it is estimated to be present in 80 percent of business wireless access points in products manufactured by Cisco, Meraki and Aruba. With companies using these products for critical communications, any sort of attack could result in major disruption or exploitation into the wider network. This could essentially destroy any network segmentation, which has been deployed due to the lateral movement of network traffic between network segments, to allow the attack to be carried out.

While these are just some of the most notorious Bluetooth attacks, all enterprises using devices with Bluetooth capabilities such as wireless speakers, printers, smart TVs, and cameras, to name just a few, run the risk of these devices becoming seriously compromised. 

Furthermore, Bluetooth in the enterprise is a bigger issue than simply protecting the privacy of the people who own these devices. With the workforce and IP dependent on a secure network, any potential breach becomes a huge issue. With so many devices, it’s also become an extremely difficult task for security professionals to track the many security issues that come to light. Most organisations just ignore it and hope they won’t be breached. 

Highly secure enterprises frequently employ “wireless free zones” – as a “guarantee” against foreign devices compromising their network. However, in reality, this approach is not sustainable given that even with modern security solutions, it is still extremely difficult for security professionals to gain total visibility into Bluetooth devices.

Three tips to be secure with Bluetooth

While it is virtually impossible to ensure complete network security in any organisation, much less one with new and unsecured connected devices, it is possible to reduce risk. To help with this process, here are three guidelines enterprises should follow:

  1. Create and enforce a company policy that employees either turn off Bluetooth or take it out of pairing when not in use.
  2. Invest in Bluetooth-connected devices only when necessary and become familiar with the difference between secure vs. insecure versions of the standard.
  3. Invest in a visibility solution that will allow your security team to immediately detect and respond to open or otherwise insecure Bluetooth devices. Without knowing what devices there are, enforcing policies and ensuring wireless-free zones is impossible.

On top of enforcing these policies, enterprises are advised to invest in security that can discover all IT and IoT devices through Wi-Fi and Bluetooth signals throughout the network, and in the surrounding airspace, to monitor behaviours and flag any signs of compromise of sabotage. This solution will provide actionable intelligence to alert security teams of any potential threats so they can defend the network from any malicious device. There is no silver bullet to get security right, but enterprises should still take the appropriate steps to lay the foundations to best protect themselves against the threats posed by Bluetooth devices.


John Stock is the product manager at Outpost24.

John Stock

John Stock is the product manager at Outpost24. He has more than 11 years on working experience.