Bluetooth Security

[Marrk]

I keep searching this issue, but I can't say that I have figured it out.

1) If I am discoverable to others, what can they access? I'm only using Bluetooth for headphones, trackpad and keyboard. Can they hear what is I'm listening to in my headphones? Can the see what I'm typing on my keyboard?

2) What is BLE, and is it on my OS now?

Sorry if I am bringing up the same issue over again.

 

[MacInWin]

There is a whole section on security of BT here: https://en.wikipedia.org/wiki/Bluetooth#Security_concerns

 

[ferrarr]

If I am discoverable to others, what can they access?

They can see that you're (your macOS or iOS device) discoverable. Other than that, they can share files with you, and you can accept or deny them. It's your choice. Or you can share files with them, but you have to start the Share procedure. No, they can't hear what you're listening to, unless you pair their device with your Apple device (macOS or iPadOS/iOS).

 

[IWT]

What is BLE

BLE is Bluetooth Low Energy. It is used currently as part of the so-called Bluetooth Handshake which COVID-19 tracing apps use (most notably Apple-Google). The Low Energy bit indicates that the app is only interested in very short-distance communications between devices (ie People).

Yes, it's on your iPhone. No, it's nothing to get excited about.

Ian

 

[Raz0rEdge]

BLE is the latest spec of the Bluetooth protocol. It is designed to use less energy to maintain the same communication.

Bluetooth is a peer-to-peer network, to that end, while you are discoverable, you need to pair with another device to be able to connect and share information.

BT, additionally, provides for very specific profiles to control how it is used. The headset profile is used primarily for audio transmission, the file protocol is for data transfers and the HCD profile is for mice/keyboard and the like.

Airdrop is an Apple creation built on top of BT's file protocol to allow you to share files with people around you. However, in this case you don't need to pair with them, but Apple has built other measures around it like giving you control of who can share files with you and whether you should be prompted to accept or reject the files being sent.

 

[macgig]

I recall reading some time ago that bluetooth is not very secure (it may depend more on what version you use I think?). But honestly I don't know much about it. I have it on for my mouse and keyboard and since I'm close to people in an apartment complex, I was concerned about what would happen if someone could hack it. I know people can see my mouse and keyboard... I renamed them so they at least don't say mouse or keyboard so I'm not giving away information... I need to research it more perhaps sometime.

 

[Raz0rEdge]

Not everything has to be secure. Let that rattle around in your head for a bit.

 

[Marrk]

I recall reading some time ago that bluetooth is not very secure (it may depend more on what version you use I think?). But honestly I don't know much about it. I have it on for my mouse and keyboard and since I'm close to people in an apartment complex, I was concerned about what would happen if someone could hack it. I know people can see my mouse and keyboard... I renamed them so they at least don't say mouse or keyboard so I'm not giving away information... I need to research it more perhaps sometime.

Same here.

 

[chscag]

I know people can see my mouse and keyboard.

I'm interested in how you know that? And even if they can, so what?

People can also read the license plate numbers on your car. They can also find out your name and look you up for free on one of the many "look up" internet sites.

 

[Raz0rEdge]

I know people can see my mouse and keyboard...

Actually they can't unless the devices are in pairing mode. Once paired, the devices don't constantly go looking to something to connect to, they automatically connect to the previously paired device.

So in this case, your mouse and keyboard would connect to the Mac they were paired with initially. Even if the connection were to break, or if you turn off the device, when the device is turned back on or wants to connect, it will automatically connect to the same Mac without any intervention on your part.

Some audio devices allow you to pair multiple devices, in this case, the audio device will go through the list of paired devices and connect to the one it finds in its vicinity. If none of them are found, it just doesn't connect.

Additionally, unlike WiFi, Bluetooth is really meant for short range transmission. People have best luck within about 3-5 ft. Audio devices are the only ones that go farther. I can use my BT headphones connected to my Mac Mini about 40 ft away without any issues.

 

[Marrk]

1) If I un-pair from one device, and pair to another — during this process, my device shows up on my neighbor's Bluetooth (?). I can see other peoples' devices on my Bluetooth.

2) I raised the issue because I did not, and do not, know how vulnerable any device is to Bluetooth hacking. If it's like reading my license plate on the freeway, then that it one kind of exposure. But if it is like having a key to my front door, then that is of more concern.

 

[MacInWin]

Mark, ALL radio signals are vulnerable to being intercepted. All. Period. I was in the business of trying to install a secure network for the US Government in 1987 (33 years ago). As part of that process, we had to show that all of the devices were safe from being listened to by anyone. In a laboratory, I personally witnessed the exposure of a supposedly "safe" computer to a computer in an adjoining room. Every keystroke, every mouse move, every character on the screen and every byte read or written on the drive was visible. And that was on a PC that was supposedly "hardened" to protect it from just what we did. The signal was leaking through the joints in the case, through the connectors for keyboard, mouse, monitor. It leaked like a sieve. And it had been "hardened" at fabulous expense to be safe! At that point I came to realize that there is NO SUCH THING as computer security. And nothing I have seen in the 33 years following have made me think anything is different today. As long as your computer doesn't radiate so much that it interferes with your other devices, or that it becomes a health hazard, nobody cares about how large the signals from it are.

So, "can" BT be hacked? Yes. But that is the wrong question. The better question is "How likely am I to be hacked over BT?" Unless you are a foreign agent who thinks the government may be tracking you, or a master criminal who has the FBI on your case, or something like that, the likelihood of you personally getting hacked over BT is miniscule. If you are in a single family dwelling, I would expect that unless your neighbor has very fancy equipment to surveil your house, your BT signals are pretty much invisible at that distance. Now, in a dense apartment complex, your neighbors on either side, up and down, can probably see your BT devices when they are in discovery mode and advertising their presence, along with your WiFi devices, but again, unless you are in one of the categories I listed, your risk is relatively low. About all they might get on your keyboard with very expensive equipment to surveil them are your passwords, but even so, they probably won't know what account those passwords to go. They cannot see where on your screen you click the mouse, or what websites you click on to visit, so even if they get your login and password, they don't know what accounts those work with. Frankly when you transmit those same logins and passwords over WiFi you are at greater risk of exposure than in the interface from the keyboard or mouse to the Mac.

Bottom line: The risk is small but not zero. Probably too small to worry about, unless you are a foreign agent, master criminal or something similar. But in those cases you wouldn't be searching for security answers on a public forum (or shouldn't be, anyway).

 

[Marrk]

^^Awesome post, Jake. Thanks.


P.S. I'm not a foreign agent or a master criminal. Just a paranoid.

 

[MacInWin]

P.S. I'm not a foreign agent or a master criminal. Just a paranoid

That is what a foreign agent or master criminal WOULD say. Jus' sayin'....

 

[Cr00zng]

P.S. I'm not a foreign agent or a master criminal. Just a paranoid.

“Just because you're paranoid doesn't mean they aren't after you.”

― Joseph Heller, Catch-22

 

[Cr00zng]

Mark, ALL radio signals are vulnerable to being intercepted. All. Period. I was in the business of trying to install a secure network for the US Government in 1987 (33 years ago). As part of that process, we had to show that all of the devices were safe from being listened to by anyone. In a laboratory, I personally witnessed the exposure of a supposedly "safe" computer to a computer in an adjoining room. Every keystroke, every mouse move, every character on the screen and every byte read or written on the drive was visible. And that was on a PC that was supposedly "hardened" to protect it from just what we did. The signal was leaking through the joints in the case, through the connectors for keyboard, mouse, monitor. It leaked like a sieve. And it had been "hardened" at fabulous expense to be safe! At that point I came to realize that there is NO SUCH THING as computer security. And nothing I have seen in the 33 years following have made me think anything is different today. As long as your computer doesn't radiate so much that it interferes with your other devices, or that it becomes a health hazard, nobody cares about how large the signals from it are.

So, "can" BT be hacked? Yes. But that is the wrong question. The better question is "How likely am I to be hacked over BT?" Unless you are a foreign agent who thinks the government may be tracking you, or a master criminal who has the FBI on your case, or something like that, the likelihood of you personally getting hacked over BT is miniscule. If you are in a single family dwelling, I would expect that unless your neighbor has very fancy equipment to surveil your house, your BT signals are pretty much invisible at that distance. Now, in a dense apartment complex, your neighbors on either side, up and down, can probably see your BT devices when they are in discovery mode and advertising their presence, along with your WiFi devices, but again, unless you are in one of the categories I listed, your risk is relatively low. About all they might get on your keyboard with very expensive equipment to surveil them are your passwords, but even so, they probably won't know what account those passwords to go. They cannot see where on your screen you click the mouse, or what websites you click on to visit, so even if they get your login and password, they don't know what accounts those work with. Frankly when you transmit those same logins and passwords over WiFi you are at greater risk of exposure than in the interface from the keyboard or mouse to the Mac.

Bottom line: The risk is small but not zero. Probably too small to worry about, unless you are a foreign agent, master criminal or something similar. But in those cases you wouldn't be searching for security answers on a public forum (or shouldn't be, anyway).

Great post @MacInWin...

Since 1987, the temptest technology advanced even more, or at the very least, it is more accurate:

 

[MacInWin]

Great post @MacInWin...

Since 1987, the temptest technology advanced even more, or at the very least, it is more accurate:

I think the whole Tempest approach was just doomed from the start. The PC in particular had been approved as being Tempested, we just needed to ensure our fiber optic cards for networking didn't diminish the Tempesting. The test I am referring to was the "before" test we performed. When it failed so badly, I duly reported it to the appropriate folks that the unit failed. They sent a second. It failed. Third. Failed. At that point we were told our testing was "too sensitive" and that as long as the "after" was no worse than the "before" we could go ahead. I got that in writing, so we pressed ahead. We got the network installed and certified as "secure" by the government in the end. But every workstation leaked like a sieve, just not from our cards!

The only "secure" computer I am aware of is in a vault, with triple-filtered power supply, in a faraday cage, no printer, two guards on the door. Nothing goes in or out of the vault. One terminal. There is a controlled access list of authorized users who have to pass biometric checks, scans, and cavity search to enter the vault, two at a time, are locked in. They then use the terminal, memorize the results, log off and leave the vault, which is locked behind them. Another scan and cavity search on the way out. Keystrokes are recorded and reviewed by security monitors to review what was accessed by whom and when. It's almost secure, but the weak link is still the user.

 

[macgig]

New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices

A new unpatched Bluetooth pairing vulnerability could let attackers bypass authentication and connect to nearby devices.

thehackernews.com

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

A new Bluetooth impersonation vulnerability could hackers to spoof a remotely paired device.

thehackernews.com

Bluetooth hacking — Latest News, Reports & Analysis | The Hacker News

Explore the latest news, real-world incidents, expert analysis, and trends in Bluetooth hacking — only on The Hacker News, the leading cybersecurity and IT news platform.

thehackernews.com

don't trust bluetooth myself. I wont use it in my car for this reason. when I'm in the car I drive, don't need to be on the phone anyways... I take precautions... I admit I'm probably over cautious but that's ok.

 

[macgig]

Not everything has to be secure. Let that rattle around in your head for a bit.

what do you mean?

 

[MacInWin]

New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices

A new unpatched Bluetooth pairing vulnerability could let attackers bypass authentication and connect to nearby devices.

thehackernews.com

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

A new Bluetooth impersonation vulnerability could hackers to spoof a remotely paired device.

thehackernews.com

Bluetooth hacking — Latest News, Reports & Analysis | The Hacker News

Explore the latest news, real-world incidents, expert analysis, and trends in Bluetooth hacking — only on The Hacker News, the leading cybersecurity and IT news platform.

thehackernews.com

don't trust bluetooth myself. I wont use it in my car for this reason. when I'm in the car I drive, don't need to be on the phone anyways... I take precautions... I admit I'm probably over cautious but that's ok.

Reading the articles, seems that the "weakness" required the bad guy to know the other end of a pairing already, or for the victim to allow pairing without security. Common sense says that you don't pair a device you don't know about and the likelihood of a bad actor knowing the devices you may be paired to already is very small. I'm thinking "tempest in a teapot" here. BT in your car is probably the safest BT around. Your movement means that anybody trying to hack you has to maintain a very close position to you, which would be fairly obvious to anyone with even reasonable sensitivity to the surroundings. And even if they did "hack" into your BT, as soon as you get more than a few feet away, the link is broken.

But you do what you think you need to do to be "safe." I'm using BT and enjoying the services it provides. I stream music that I cannot get on the car radio to the audio system. So even if I don't use hands-free calling (which I do), there is a real use for BT in the car.