Bluetooth is bad.
Bluetooth makes life easier. It’s the IoT connectivity easy button. It makes it quick and easy to connect your iPhone or Android, smart earbuds, smart speakers, car radios, smart lightbulbs, smart fridges and even smart toaster ovens. But Bluetooth and Bluetooth Low Energy are very problematic for reasons more serious than pairing issues.
Bluetooth has been proven time and time again to be a security and privacy nightmare. Security professionals and hackers think of it as a bad word. Or awesome tech if they are capitalizing on the vulnerabilities.
The Def Con hacker conference in Las Vegas just finished up, and one of the recommendations given to attendees is to make sure Bluetooth is disabled on their phones. Yes, the advice given for this conference is: don’t turn Bluetooth on, or turn it off.
Think about that the next time you want to leave Bluetooth enabled.
Is this all just more clickbait, fake-news fear mongering, like Elon Musk loving to hear himself speak about end-of-the-world scare tactics? Not exactly.
This isn’t nuking Mars, or an asteroid destroying Earth, or AI robots turning into Skynet scare tactics here. Bluetooth is really poorly designed and built when it comes to security.
It’s been shown at various conferences and events, in blog posts and in YouTube videos that hackers and security professionals can use Bluetooth to identify vulnerable medical devices, digital speakers, and hack into your now always-connected car. Hackers or bored, tech-savvy, intelligent thirteen-year-olds could take control of these devices and force them to play dangerous sounds, mess with heartbeat monitoring devices, turn a car off or lead it astray. The nation-state or ransomware bad-guy hackers are one thing, but some script kiddie just learning isn’t even out to really harm anybody. Except they accidentally would in some of these instances.
Earlier this year researchers announced a flaw that could allow hackers to both intercept and alter data sent over Bluetooth. Talk about data security and privacy concerns. An attacker is able to listen in on, or change the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired.
There are other stories and media reports where many stores like Walmart or Target or a grocery store now use Bluetooth beacons to track the location of individual shoppers down to the inch. That information is collected, analyzed and often sold or given to advertisers, who then use it to build data profiles on unwitting people just trying to buy some shampoo or socks or a bottle of water.
Many people keep Bluetooth enabled all the time. It makes life easier to pair and connect. Who wants to go to their phone settings or home security settings, enable Bluetooth and then pair it with the other device every time they want to use their headphones or get into a car? But by having Bluetooth always on and always connected, you open yourself up to these potential hacks, abuses, and privacy violations.
What’s the solution to fix these Bluetooth vulnerabilities and challenges?
Well, that’s simple. You just have to turn Bluetooth off. Use it when you must; disable it or turn it off the rest of the time. Problem solved. It’s not exactly comforting, but it is what it is for now.
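On a Linux laptop or kiosk, "off unless you need it" can be checked instead of remembered. The script below is an added example, not part of the original post; it assumes the Linux rfkill sysfs layout under `/sys/class/rfkill`, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: report Bluetooth radios that are not blocked, using the Linux
# rfkill sysfs interface (/sys/class/rfkill/rfkillN/{type,name,soft,hard}).

# Print the name of every Bluetooth radio under $1 that is neither
# soft-blocked (software switch) nor hard-blocked (hardware switch).
active_bluetooth_radios() {
    root=${1:-/sys/class/rfkill}
    for dev in "$root"/rfkill*; do
        [ -r "$dev/type" ] || continue      # glob matched nothing, or unreadable
        [ "$(cat "$dev/type")" = "bluetooth" ] || continue
        # A missing state file is treated as "not blocked" so it gets reported.
        soft=$(cat "$dev/soft" 2>/dev/null || echo 0)
        hard=$(cat "$dev/hard" 2>/dev/null || echo 0)
        if [ "$soft" = "0" ] && [ "$hard" = "0" ]; then
            cat "$dev/name"
        fi
    done
}

# Exit status 0 when no Bluetooth radio is active, 1 otherwise, so the
# function can gate a login script, cron job or compliance check.
bluetooth_is_off() {
    [ -z "$(active_bluetooth_radios "$1")" ]
}

# Report for the live system when the script is run directly.
if bluetooth_is_off; then
    echo "Bluetooth: no active radios"
else
    echo "Bluetooth active on: $(active_bluetooth_radios | tr '\n' ' ')"
fi
```

If the report lists a radio you are not using, `rfkill block bluetooth` turns it off until you unblock it again.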
Read More Articles
Supply chain and logistics is a complex and complicated space. Supply chain mechanisms, supply chain automation and supply chain security aren’t a simple conversation or an easy button solution. It’s a global supply chain society.
Can blockchain help? Can IoT help? Can big data analytics help? Can robotics and automation help?
But of course blockchain can sort of help when you think about it. As Bruce Schneier said about the supply chain and public policy, “you have to trust everyone yet you can’t trust anyone.”
Cool use case for blockchain and agriculture and the supply chain.
Developers at Starbucks exposed an API key that might be used by an attacker to access internal IT systems and manipulate the list of authorized users.
The issue has been rated ‘critical’ because it could allow attackers to execute commands on systems, add or remove users who have access to internal systems, and potentially take over the AWS account.
The key was found in a public GitHub repository.
Serious impacts ignored
Vulnerability hunter Vinoth Kumar found the key in a public GitHub repository and disclosed it responsibly through the HackerOne vulnerability coordination and bug bounty platform.