Don’t leave your Bluetooth discoverable

Posted by Fred Lecavalier on Dec 6, 2011 in Bluetooth, Computing, Security, Wireless | 0 comments

I was somewhat shocked when, a few weeks ago, I ended up scanning for Bluetooth signals in the restaurant where I was having breakfast. I was actually trying to send a picture to my mom’s phone, so she could use it as a background.

To my amazement, I picked up at least 20 different devices. I had setup my mom’s phone to be discoverable for 2 minutes only. I could not believe how many people had their devices on discoverable, seeing as there were about 50 people in the restaurant at the time.

Having your Bluetooth set to ‘discoverable’ isn’t all that bad per se, but it can leave your device vulnerable. For one, once discovered, someone could theoretically track you if he/she stays in range of your device. Secondly, your phone or device could get bluejackedBluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices. or bluesnarfedBluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection.. The former is harmless, but irritating, as someone could potentially send text messages to your phone via Bluetooth. The latter however, can be quite harmful. Bluesnarfing is basically hacking someone else’s device over Bluetooth. They could theoretically get access to the information on your device.

There have been television shows that have shown how hackers can make money or steal information from devices over Bluetooth in public locations. So the threat is very real.

The safest option is to keep your Bluetooth off. However, nowadays with handsfree devices and OTA (over-the-air) syncronization, Bluetooth has become a requirement for many environments. The safer option is to keep your device non-discoverable, and only to make it discoverable when needed, ideally using a temporarily discoverable option (usually for a couple of minutes).