How Safe Is Your Bluetooth?

We all know them. Many of us kind of hate them. The Bluetooth headset, though, is a staple of modern life. Whether it’s something you need or something you want, millions of people have one plugged in their ear.

And it may be paving the way for their smartphone to be hacked.

A Finnish company bought a bunch of Bluetooth headsets and hands-free kits and subjected them to a “fuzzing” attack, basically sending the phone and headset intentionally crappy data. In many cases, it crashed the phone. That’s bad enough, but what’s worse is that the crash opened up the phone to reveal various possible routes to access it secretly, or to just throw malware onto the phone.

Oh, and thanks to the way Bluetooth is designed, you can have all this happen without your phone being paired to a specific Bluetooth device.

All this is thanks to Bluetooth’s security implementations, which are, obviously, pretty terrible. The manufacturers are working on a solution: these are white hat hackers, after all, and they want us to be safe. But in the mean time, take steps to protect yourself:

• The most basic step is the simplest: hang up your headset for a while, if you use one. Ask yourself if it’s really necessary, or just a status symbol.
• If you don’t use a headset, go into your phone’s settings menu and disable Bluetooth. This is a good idea anyway: you’re just offering an open channel into your phone for anybody who wants it by leaving it on.
• Contact the manufacturer of your phone and your headset and see what they’re doing to patch this security hole. The harder you lean, the better the results.

We can’t protect our phones completely: they’re designed to send and receive data. But we can at least anticipate threats.