Did you know

Did you know – enabling Bluetooth in non-discovery mode doesn't prevent access to your smartphone

Luis D. posted by Luis D.   /  Jun 17, 2016, 9:36 AM
Some smartphone users like to have Bluetooth turned on, but keep their devices in non-discoverable mode so other connected gadgets won't detect them. It turns out this precaution is just a myth, and keeping your device non-discoverable won't fully protect it against hackers bent on breaking into your phone. There are scanners and sniffer devices in existence that find your device's Bluetooth address and let infiltration commence even when it’s set to non-discoverable.

A significant vulnerability that eases the process is the "factory" default password used on the majority of Bluetooth devices, which is something to the tune of "0000" or "1234". Once someone has sniffed your Bluetooth address, chances are they can establish a connection using this PIN code. According to security researchers, it's this unreasonably simplified system that faciliates most cases of Bluetooth eavesdropping and so-called "Bluejacking"  – connecting to a phone and sending spam content. So one of the better things you can do in this regard is change your Bluetooth password to a less  PIN.

The way this goes is that most consumer devices rely on the Bluetooth Device Address (BD_ADDR) information as a security mechanism. Operating in discoverable mode, Bluetooth devices respond to page request messages issued by other gadgets with their BD_ADDR information. In non-discoverable mode, though, BD_ADDR information requests are ignored. It may be common sense, but devices in discoverable mode are especially vulnerable as they get easily identified with tools such as BTScanner that send repeated page request messages to all Bluetooth devices within range.

What's the take-away here? Keeping Bluetooth devices non-discoverable is still good practice, but it won't stop attackers. They are able to send con request messages to every common BD_ADDR prefix or OUI until the full BD_ADDR is known. Either that, or they can use a list of common BD_ADDR prefixes that lets an attacker test all known Bluetooth OUI values in less than 2 minutes. Ultimately, Bluetooth is best left switched off unless you're using it to pair a device or transmit information.

source: SANS Tech Institute via MakeUseOf

ALSO READ

FEATURED VIDEO

Options

4 Comments

TechieXP1969
Reply

1. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

First off, if your BT is being connected too, most phones display that info on the screen. Since most people have their phone glued to their face, they should be able to see this and turn it off. Also unless someone is following you, there isnt much they can do over BT without you knowing it, especially since the range is very short. Unless you're using a signal booster, the range isnt even worth attempting to hack a moving target. The range is too short and most people are moving constantly. Unless you are important, no one is goign to hack your phone, no more than hacking your PC. Unless you are known to have alliances with a business where you have access to something worthwhile, people just dont go hacking every average joe on the street. These types of articles are always so stupid. if you are a CEO of a multi-billion dollar company or you work in banking, finance or similar; then "maybe" you should be more aware. You have a better chance of getting hit by a car, then having your phone hacked.

posted on Jun 17, 2016, 10:33 AM

elitewolverine
Reply

3. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

No consumer is too small, it is this I am nothing mentality that creates a billion dollar industry. Also, go into a coffee shop, you are within range of 30 devices almost instantly. Now I don't know where you live, but it is not hard to visit the 'well' off places and bluejack into a few devices. Most people wont even know whats going on, they will dismiss the notification without a thought. They do so for everything from updates to messages.

posted on Jun 19, 2016, 7:18 AM

epdm2be
Reply

4. epdm2be

Posts: 818; Member since: Apr 20, 2012

"dismiss" that BT-notification still doesn't grant you access. I think is all way too exaggerated.

posted on Jun 19, 2016, 8:07 PM

hotmaillogin
Reply

5. hotmaillogin

Posts: 2; Member since: Feb 21, 2017

The article you have shared here very good. This is really interesting information for me. Thanks for sharing!

posted on May 16, 2018, 10:48 PM

view all comments
Want to comment? Please Log in or sign up.

Featured stories

New-Pixel-4-renders-appear
Check out the latest Google Pixel 4 renders
Best-free-games-android-phone-tablet-2019
Best free Android games to play on your phone or tablet in 2019
FaceApps-incredible-overnight-success-gives-us-a-few-important-lessons
FaceApp's incredible overnight success gives us a few important lessons
Google-Pixel-4-XL-specs-leak
Alleged Google Pixel 4 & Pixel 4 XL specs emerge in new leak
samsung-galaxy-tab-s6-leaked-new-press-renders-specs-features
Massive new leak reveals the high-end Samsung Galaxy Tab S6 in all its glory
Apple-iPhone-11-Max-design-camera-dummy-unit
Here's what the iPhone 11 Max will probably look like
Note-10-Exynos-9825-Snapdragon-855-Plus-top-benchmarks
Note 10 may be the fastest Android alive as new Exynos 9825 and Snapdragon 855+ benchmarks leak
What-is-Note-10-Sound-on-Display-soundcasting-all-screen-design-technology-explained
Here's how Note 10 may use Sound on Display tech to get an 'all-screen' design

Popular stories

best-buy-samsung-galaxy-s10-family-deals-massive-discounts-carrier-activation
Best Buy is now offering discounts of between $400 and $500 on the entire Galaxy S10 family
Best-Buy-deal-takes-as-much-as-80-percent-off-of-the-Moto-G7-Power
Moto G7 Power and its 5000mAh battery on sale for as low as $49.99 at Best Buy
best-buy-massive-sale-moto-g7-family-moto-z3-play-more
Best Buy is running a massive sale on Moto G7 phones, the Moto Z3 Play, and more
amazon-fire-hd-8-woot-deal-brand-new-units-with-warranty
Woot has brand-new Amazon Fire HD 8 units on sale at big discounts, no Prime needed
Google-Pixel-4-XL-Hole-on-the-front-raises-questions
Google Pixel 4 XL will come with a mysterious new sensor: what is it?
woot-deals-google-pixel-3-pixel-2-original-pixel-refurbished-warranty
Woot is deeply discounting every high-end Google Pixel phone ever released (refurbished)
Update-bricks-Verizon-Galaxy-S10-units
Samsung says there is only one fix for Verizon Galaxy S10 units bricked by the latest update
T-Mobile-will-give-you-a-free-phone-when-you-add-a-line
New and existing T-Mobile customers can score a free phone by adding a new line

Hot phones

Latest Stories

View more
This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.