I’ll bet the Bluetooth on your phone is enabled right now. How you can tell: when you get in the car and it automatically switches to the hands-free option. This is how most people operate. It’s convenient.
So, what is Bluetooth? It’s like Wi-Fi but for short distances and its built into nearly every smartphone. In an iPhone you use it to Airdrop files to your friends. It connects to your wireless earbuds so you can listen to Sgt. Pepper's Lonely Hearts Club Band. It can also be used to steal files off your phone without your knowledge.
I’m referring to the attack tactic called Bluesnarfing. This attack exploits a weakness in some mobile phone Bluetooth implementations and it provides unauthorized access to the personal information stored on your phone.
Here’s the scenario. You are attending an event outdoors and properly observing the government recommended social distance of six feet. Maybe you’re at the grocery store or one of the few remaining restaurants in town that still allow sit-down dining (like Dickies over by Food City). Someone sits six-feet next to you. They then create a Bluetooth connection to your smart phone, and capture the data stored on it. All without your notice or consent!
Why is this important to you? This attack can expose your emails, contact lists, and text messages. Literally anything you store on your phone. Do you have a photo of your drivers license or social security card in there? Anything else you don’t want to become public?
Maybe you think the risk isn’t very high. I mean, how important are you really? In a way, this is conceptually similar to ransomware attacks. Your data is held for ransom. If an attacker gets access to any sensitive data on your phone, they can simply email you anonymously and request a few Bitcoin to have the data deleted. In case you were wondering, at the time of this writing, Bitcoin traded for $11,345.96 per coin. So yes, it’s worth the effort for someone to steal your data.
Now you may be wondering how you can stop this attack, or if it’s even worth it to try. I mean, are you really at risk? Mitigation is easy. Turn off the Bluetooth when you are in public places. It takes almost no effort on your part. As for risk. Do you have sensitive data on your phone?
Now that I have your attention. Bluesnarfing isn’t the only thing that should terrify you. The really scary one is Bluebugging. Bluebugging allows an attacker to have COMPLETE control over your phone. If your phone is Bluebugged, an attacker can make and receive calls over your phone, AND eavesdrop on YOUR phone calls.
Some of this may have sounded like scenes from Mission Impossible, but Bluesnarfing and Bluebugging aren’t make-believe. And you don’t need to be Ethan Hunt to become a target. As with Ransomware, sometimes all a cyber-criminal needs is an opportunity. Leaving your Bluetooth on all the time is convenient for sure. For both you AND the criminal.