Several smartphones have their Bluetooth settings on discovery mode as it is a default setting, making it easy for hackers to access the phones when they are within 10 metres from the device.
- Cybersecurity experts note that apps that let users connect smartphones or laptops to wireless earplugs can record conversations, and are vulnerable to hacks.
- Even the most secure smartphones like iPhones are vulnerable to such attacks.
- Any app with access to Bluetooth can record users’ conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets, some app developers say.
- Through a process called bluebugging, a hacker can gain unauthorised access to these apps and devices and control them as per their wish.
What is Bluebugging?
- It is a form of hacking that lets attackers access a device through its discoverable Bluetooth connection.
- Once a device or phone is bluebugged, a hacker can listen to the calls, read and send messages and steal and modify contacts.
- It started out as a threat for laptops with Bluetooth capability. Later hackers used the technique to target mobile phones and other devices.
- It is a process of exploiting a loophole in the Bluetooth Protocol, enabling the hacker to download phone books and call lists from the attacked user’s phone.
- Bluebugging attacks work by exploiting Bluetooth-enabled devices.
- The device’s Bluetooth must be in discoverable mode, which is the default setting on most devices.
- The hacker then tries to pair with the device via Bluetooth. Once a connection is established, hackers can use brute force attacks to bypass authentication.
- They can install malware in the compromised device to gain unauthorised access to it.
- Bluebugging can happen whenever a Bluetooth enabled device is within a 10-metre radius of the hacker.
Which devices are more susceptible to such attacks?
- Any Bluetooth-enabled device can be bluebugged.
- Wireless earbuds are susceptible to such hacks. Apps that enable users to connect to their TWS (True Wireless Stereo) devices or earbuds can record conversations.
- The apps of these TWS devices can record conversations.
- Once hacked, the attacker can make and listen to calls, read and send messages, and modify or steal your contacts
- Turning off Bluetooth and disconnecting paired Bluetooth devices when not in use,
- Updating the device’s system software to the latest version,
- Limited use of public Wi-Fi and
- Using VPN as an additional security measure.