Smartphone Bluetooth Interface Security

This post is a continuation of the series on smartphone interfaces and will cover Bluetooth interface security. Let me begin by saying that Bluetooth security is not as bad as it once was. As with the other articles in the series I will cover both the security and privacy concerns around this interface.

Bluetooth Interface Privacy

Bluetooth can be used to track your location. Yes, so can the Wi-Fi and cellular interfaces. Bluetooth’s tracking ability is slightly different, however. Cellular tracking can place you in a radius of hundreds of feet. Wi-Fi can place you in a radius of tens of feet. With the right equipment, Bluetooth can be much more accurate. Instead of hundreds or tens of yards, Bluetooth has the potential to track you in feet and inches. Yes, inches.

This has a lot to do with the relatively small footprint of your Bluetooth signal. The practical range of most Bluetooth devices is 5-10 meters. This means that you have to be close to a beacon for it to see you. This also means that for you to be tracked to any meaningful degree, your adversary has to have a lot of Bluetooth receivers in the area. If this sounds far-fetched, it has already happened in New York City, where an advertising firm placed Bluetooth beacons on public payphones. Apple has a program called iBeacon that allows advertisers to track you to a “hyper local” degree. Google has a rival program called “Eddystone”.
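How a receiver turns an iBeacon broadcast into a distance estimate, as an added example (not code from the original post or from Apple's SDK): it parses the iBeacon manufacturer-data frame and applies the log-distance path-loss model to the received signal strength. The sample frame, the RSSI readings and the path-loss exponent of 2.0 (free space) are constructed assumptions.

```python
import struct
import uuid

APPLE_COMPANY_ID = 0x004C  # Bluetooth SIG company identifier assigned to Apple
IBEACON_TYPE = 0x02        # iBeacon subtype inside Apple manufacturer data
IBEACON_LEN = 0x15         # 21 bytes: UUID(16) + major(2) + minor(2) + power(1)


def parse_ibeacon(mfg_data: bytes):
    """Parse the payload of a manufacturer-specific AD structure (type 0xFF).

    Returns a dict of the iBeacon fields, or None if this is not an iBeacon frame.
    """
    if len(mfg_data) < 25:
        return None  # truncated or unrelated advertisement
    company, btype, blen = struct.unpack_from("<HBB", mfg_data, 0)
    if (company, btype, blen) != (APPLE_COMPANY_ID, IBEACON_TYPE, IBEACON_LEN):
        return None
    raw_uuid, major, minor, power = struct.unpack_from(">16sHHb", mfg_data, 4)
    return {
        "uuid": uuid.UUID(bytes=raw_uuid),  # identifies the deployment
        "major": major,                     # e.g. a site or floor
        "minor": minor,                     # e.g. one physical beacon
        "measured_power": power,            # calibrated RSSI at 1 m, in dBm
    }


def estimate_distance_m(rssi: float, measured_power: float,
                        path_loss_exponent: float = 2.0) -> float:
    """Log-distance path-loss estimate of range in meters.

    path_loss_exponent is an assumption: 2.0 models free space; indoor
    environments are typically higher, which shortens the estimate.
    """
    return 10 ** ((measured_power - rssi) / (10 * path_loss_exponent))


# Constructed sample frame: Apple ID, iBeacon header, UUID, major=1, minor=42, -59 dBm
SAMPLE = bytes.fromhex("4c000215" "00112233445566778899aabbccddeeff" "0001" "002a" "c5")

if __name__ == "__main__":
    beacon = parse_ibeacon(SAMPLE)
    print(beacon)
    for rssi in (-59, -65, -79):  # constructed RSSI readings in dBm
        d = estimate_distance_m(rssi, beacon["measured_power"])
        print(f"RSSI {rssi} dBm -> about {d:.1f} m")
```

Real RSSI readings fluctuate with reflections and body shadowing, so deployments average several readings before estimating distance.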

If this sounds like the sole realm of nation-state actors and multibillion-dollar companies, it won’t be for long. Devices like Pwnie Express Blue Hydra put this capability in the hands of your average, run-of-the-mill hacker. There is even a consumer market for Bluetooth tracking devices like the Tile and XY3. These are very small Bluetooth beacons that you can place on your key ring, purse, or other object you are likely to misplace. Your smartphone will then allow you to track the device to within a couple of feet.

Countermeasures: keep Bluetooth turned off, especially when not in use. Consider not using it at all when tracking is a major concern. Unfortunately there is little else you can do to prevent being tracked through this technology.

Bluetooth Interface Security

Your Bluetooth signal is also potentially vulnerable to interception. Though the newer Bluetooth low energy (BLE) protocols encrypt the signal between your devices, it is encrypted with a long-term key. If the key is discovered, your communications are potentially compromised in the long term. It is also assumed that there is some security in the relatively short range of BLE. The transmitting range of these devices is advertised as 10 meters (~33′, or one atmosphere for you divers out there), and reality sometimes proves this to be optimistic. With directional antennas, however, eavesdroppers can pick up Bluetooth signals as far away as 100 meters.

Intercepting Bluetooth is possible, but for most people the likelihood is probably relatively low. Intercepting unencrypted Wi-Fi is much, much easier (and therefore a greater risk), and intercepting cellular signals is practically the job of the cell providers. Bluetooth, however, requires a targeted attack. Unless you have made yourself the target of someone who wishes to “Bluebug” you, the chances of this happening randomly are fairly low.

If you are targeted, Bluetooth can completely undermine the protections afforded by apps like Signal Private Messenger or Silent Phone. Let’s assume for a moment that your Bluetooth connection has been intercepted. When you talk on Signal, the message is only encrypted device to device (phone to phone). When you put Bluetooth into the mix, the phone is then transmitting the plain-text version of the entire conversation to another receiver (your Bluetooth earpiece, car, etc.). Anyone who can break the Bluetooth link gets to listen to both sides of the conversation, and it doesn’t matter what hi-speed/low-drag encrypted technology you are using because your phone is decrypting it for them.

Countermeasures: keep Bluetooth turned off, especially when not in use. Do not use Bluetooth if you are at especially high risk, or in a high-risk environment.

Conclusion

Bluetooth can allow your location to be tracked, and it can be intercepted to reveal the content of your communication. I believe that location tracking is the much bigger threat for most individuals. Bluetooth interception must be fairly targeted, so unless you have piqued the interest of an adversary, this is somewhat unlikely. Bluetooth location tracking, however, is indiscriminate. I also believe it is much easier to pull off for the average hacker or cyber-criminal.

I wish there were cooler mitigations for Bluetooth vulnerabilities. Sadly, a VPN won’t save you this time.
