Everything in moderation. Those words may be more commonly applied to the food we eat, but the same idiom holds true when it comes to Bluetooth security solutions. Yes, as it turns out, leaving that Bluetooth toggle in the “on” position may represent a giant welcome sign to nefarious hackers.
Perhaps it’s the subtle nature of Bluetooth that makes it so vulnerable. After all, it’s only usable within 30 feet or so of another device—you’d need some serious ninja skills to pull off an attack within that proximity. And yet, that’s exactly what BlueBorne attacks specialize in.
What is BlueBorne?
What are these BlueBorne shenanigans? In short, it’s an attack that operates on an inherent vulnerability in the Bluetooth stack. Android Central has all the delicious details for the nerd inside, but long story short, it’s a few lines of code that can masquerade as an inquisitive Bluetooth device looking for love in all the wrong places.
These attacks essentially create a queue of bogus connection queries aimed at the target device, which triggers a fail-safe connection. Unfortunately, that connection happens to bypass standard Bluetooth security management protocols. The result is a silent connection that can control your device and access your data.
As scary as that sounds, the chances of you being within a stone’s throw of someone attempting such an attack are astronomically small . . . right? At your niece’s bat mitzvah, sure. At the airport? Maybe not. Truth is, you can’t really know whether or not you’re in danger. Unless, of course, you shut the front door—or back door (whatever door you consider a good representation of Bluetooth connections).
How can you stop it?
If disabling Bluetooth is the only surefire way to protect yourself from attacks like BlueBorne, how can you possibly get your users to toggle that switch when they need to? It’s obviously not practical to check in on every employee’s Bluetooth setting while they’re at dinner with the in-laws. That said, there are two effective ways to encourage self-monitoring.
The easiest solution? Simply shift the burden of Bluetooth monitoring from your users to the devices they use. Android has plenty of app offerings that provide geofenced Bluetooth toggling. With these apps installed, your phone can automatically disable Bluetooth when you leave home.
On the iOS side, things get a little trickier. There’s no simple app solution to automatically police your users’ Bluetooth settings. With a little clever use of the built-in “Reminders” app, however, you can set up location-based reminders to toggle that switch.
Outside of app-based solutions, taking a more passive approach is good insurance. Get ready for some office culture shock: You may need to lead the change from your usual “all systems go” approach. The simple fact is that most people don’t assume there’s an added risk to leaving Bluetooth on, so they do just that—without even thinking about it.
Demonstrating the risks associated with leaving Bluetooth on (you might lose those cute pet pictures) can bring visibility to the issue. With the proliferation of Bluetooth-dependent wearables and automobiles, this concept can be a tough sell. Fortunately, modern smartphones usually place the toggle just off screen in quick-access menus. The easier it is for a user to toggle the setting, the more likely they are to do it.
In truth, vulnerabilities like BlueBorne highlight the hostility of the digital world we live in today. From printing to phone calls, new cyber attacks are discovered with increasing frequency in just about every part of our connected world. With a little help from centralized security solutions and even the devices themselves, staying protected becomes less burdensome and infinitely more approachable.