Several smartphones have their Bluetooth settings on discovery mode as it is a default setting, making it easy for hackers to access the phones when they are within 10 metres from the device.

 

Background

  • Cybersecurity experts note that apps that let users connect smartphones or laptops to wireless earplugs can record conversations, and are vulnerable to hacks.
    • Even the most secure smartphones like iPhones are vulnerable to such attacks.
  • Any app with access to Bluetooth can record users’ conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets, some app developers say.
  • Through a process called bluebugging, a hacker can gain unauthorised access to these apps and devices and control them as per their wish.

 

What is Bluebugging?

  • It is a form of hacking that lets attackers access a device through its discoverable Bluetooth connection.
  • Once a device or phone is bluebugged, a hacker can listen to the calls, read and send messages and steal and modify contacts.
  • It started out as a threat for laptops with Bluetooth capability. Later hackers used the technique to target mobile phones and other devices.
  • It is a process of exploiting a loophole in the Bluetooth Protocol, enabling the hacker to download phone books and call lists from the attacked user’s phone.

 

Working

  • Bluebugging attacks work by exploiting Bluetooth-enabled devices.
  • The device’s Bluetooth must be in discoverable mode, which is the default setting on most devices.
  • The hacker then tries to pair with the device via Bluetooth. Once a connection is established, hackers can use brute force attacks to bypass authentication.
  • They can install malware in the compromised device to gain unauthorised access to it.
  • Bluebugging can happen whenever a Bluetooth enabled device is within a 10-metre radius of the hacker.

 

Which devices are more susceptible to such attacks?

  • Any Bluetooth-enabled device can be bluebugged.
  • Wireless earbuds are susceptible to such hacks. Apps that enable users to connect to their TWS (True Wireless Stereo) devices or earbuds can record conversations.
  • The apps of these TWS devices can record conversations.
  • Once hacked, the attacker can make and listen to calls, read and send messages, and modify or steal your contacts

 

Prevention

  • Turning off Bluetooth and disconnecting paired Bluetooth devices when not in use,
  • Updating the device’s system software to the latest version,
  • Limited use of public Wi-Fi and
  • Using VPN as an additional security measure.