From stealing your data to accessing photos and videos. Here, cybersecurity experts explain the possible risks and provide their recommendations in this regard.
Connecting electronic devices via Bluetooth can be convenient and useful during the routine. This technology allows you to use devices such as headphones or speakers, without the need to use cables and in spaces like public transportation or when you’re on the go .
But are you one of the people who always leave this feature enabled on your mobile phone? Good, certain risks could affect your security .
In 2017, the cybersecurity company bangles discovered a set of vulnerabilities (flaws) for hacking via Bluetooth that put nearly 8 billion devices at potential risk.
Through these, grouped under the name of BlueBorne, cybercriminals They found ways to intercept their targets, which could range from cell phones to computers and other electronic objects. with Bluetooth.
“BlueBorne allows attackers take control of devices, access corporate data and networks, break into secure “isolated” networks (i.e. disable connection), and spread malware (a malicious program) laterally to adjacent devices, ”they assured the company.
In other words, this set of faults “it can be used for a wide range of crimes”, including everything from accessing your personal information to obtaining photos and videos of the device that is intercepted.
Although, after this warning in 2017 different operating systems have implemented new security measures to protect their users d’Armis pointed out: “We believe there are many more vulnerabilities waiting to be discovered across the various platforms that use Bluetooth” .
Faced with this scenario, cybersecurity experts spoke with The third to understand what they are the possible risks to which you could currently expose yourself .
Potential attacks on your devices via Bluetooth
The academic of the Faculty of Engineering and Applied Sciences of the Universidad de los Andes, Claudio Álvarez, explains that, in the vast majority of cases, it is complex for a cybercriminal to steal your data only via Bluetooth activated on your device.
Despite this, it guarantees that it can happen and makes a distinction between attacks that could be classified as “minor” and “more important”.
In the first, for example, a cybercriminal could access a person’s mobile to steal data. This could be done by trying to connect to the phone and getting the pin code (a type of password). Especially in this case, people who leave their device configured with a very weak pin (…) are vulnerable recently, what most modern operating systems do is that when there is a pairing or pairing request, it generates a PIN currently on the device, which is random.”
For this last point, he adds that “by conventional means, it can be difficult for a hacker to log into a device if he has not had a previous login”, since systems like Android and iOS have taken protective measures to avoid these situations.
According to Álvarez, the “most serious and effective” attacks appear when cybercriminals discover “zero-day vulnerabilities” which are characterized — simply put — because developers don’t know they exist and attackers take advantage of them after first identifying them.
Within this category, those found by Armis specialists in 2017 fall, as their appearance prompts those responsible for the matter to take prompt action to avoid large-scale interceptions.
“SO, attackers can really carry out massive action, steal information and take control of devices even for other types of illicit activities “, explains the university.
Álvarez says there are also rare methods by which cybercriminals could know whether or not a person’s device (a cellphone, smartwatch or other with low-energy Bluetooth) is present at a location.
“Other, slightly more common attacks might involve planting a malicious device, such as a Bluetooth speaker, to connect. It can be in a hostel, in a hotel, for example, who knows what. This device might have firmware inside, modified software so that in this case when you connect your device via Bluetooth, it installs malware (malicious program) or steals data from your phone.
“It could also be a possibility”, adds Álvarez, “the lesson that could be learned from a case like this is that you have to be quite suspicious of the device you are connecting to and whether it generates trust or not”.
The possible consequences
Despite the fact that the academic director of the master’s degree in cybersecurity at the Adolfo Ibáñez University, Ricardo Seguel, points out The third that today the ways in which you can be attacked if you have your Bluetooth on all the time are more difficult than before – as operating systems develop responses to vulnerabilities – he asserts that “there is always a risk “.
“Often we download apps that ask your permission to share, for example, geolocation or Bluetooth” he says, “we may not even realize it until we have them installed.”
According to Seguel, this could have consequences, especially if they download from “unofficial sites”. “Because if they go through the App Store, they are checked from top to bottom (…) Apple’s filters are very strict, while Android’s are not so strict.”
In such cases, when an app is downloaded from an untrustworthy source that may contain threats, users face “They can leave your Bluetooth, geolocation, microphone or video camera open, without you realizing it” .
If we think of a hypothetical case in which you are looking for a free application to listen to music in high fidelity and you find one that promises a complete catalog in a non-specialized forum or is not verified by an official store like the App Store, the following could happen, according to UAI’s cybersecurity expert.
“Different types of data exfiltration could appear there. For example, If your mobile phone’s Bluetooth connects to an Internet network, without you realizing it, it could send data, which can be confidential information, photos or videos, among others. They could send that elsewhere, to the attacker’s site in this case. It’s a high risk.”
In this sense, Seguel adds that a similar scenario could occur if cybercriminals manage to access the camera or microphone of your device, with which they could possibly review “anything you can talk about, film or photograph” .
“After, the problem is that they can extort you ”.
However, he points out that these cases are not as common in the general population which does not mean that any caution should be exercised when downloading content from the Internet.
That is why Claudio Álvarez, the specialist at the Universidad de los Andes, lists three essential recommendations For users:
“The first is always stay away from discovery mode or pairing mode Bluetooth. The second is that really Do not connect to a device that you do not know and on which you do not have other references . And the third, I would say that using Bluetooth can be right and necessary, when you wear your headphones for example. Trying to keep it off when not in use will save your battery level and also reduce the risk of your phone being compromised with some vulnerability. day zero”.
Source: Latercera
I am David Jack and I have been working in the news industry for over 10 years. As an experienced journalist, I specialize in covering sports news with a focus on golf. My articles have been published by some of the most respected publications in the world including The New York Times and Sports Illustrated.
