Is Bluetooth Safe To Use?
When Sultan Qasim Khan unlocked the Tesla Model X, it didn’t seem like anything was wrong. But there were two serious issues. First, he was hundreds of miles away from the car. Second, it wasn’t his car.
Sultan is a security researcher who uncovered a vulnerability in Bluetooth Low Energy (BLE) communications that allowed him to unlock and operate Teslas from almost anywhere [*].
But you don’t need to be a Tesla owner to be at risk of Bluetooth hacking. According to the Bluetooth Special Interest Group (SIG) [*]:
“There were over 5.4 billion Bluetooth-connected devices shipped in 2023.”
Each Bluetooth device has potential vulnerabilities that hackers can take advantage of. Whether it’s your car, laptop, phone, or smart home device, Bluetooth hackers can get past your device’s security features and steal your sensitive information.
In this guide, we’ll explain how hackers take advantage of the Bluetooth protocol, the most common vulnerabilities that you need to know about, and how to keep your devices — and sensitive data — safe.
How Does Bluetooth Get Hacked?
Bluetooth is a wireless technology that lets devices communicate over a short range. You’ve most likely used Bluetooth to connect your phone to wireless headphones, set up a smart home device, share files, or even secure your home using a smart lock.
But Bluetooth’s high level of convenience doesn’t come without risks.
While some devices use a level of Bluetooth encryption that can protect your devices and data, others operate on open frequencies. If hackers can intercept (or hack) your connection, they can also intercept data (such as passwords and credit card numbers), take over your devices, or spy on you.
Here are a few of the most common ways that Bluetooth devices get hacked:
- Bluejacking occurs when hackers take over devices and send unsolicited messages to other Bluetooth devices.
- Bluesnarfing is a type of cyberattack that gives hackers access to a Bluetooth device’s stored information, such as contacts and text messages.
- Bluebugging is a more advanced type of attack in which hackers gain control of a device’s features, including making phone calls or accessing sensitive information.
- Bluesmacking occurs when hackers launch a distributed denial of service (DDoS) attack on your smart device, causing it to crash or become unresponsive.
- Car whispering occurs when hackers target car radios and eavesdrop on conversations or phone calls made inside the car.
What makes Bluetooth hacking especially dangerous is that bad actors can target nearly any Bluetooth-enabled device — regardless of manufacturer or operating system. For example, “BlueBorne” hacks spread over the air and don’t require hackers to pair with your device, or for your device to even be in discoverable mode.
What Can Hackers Do If They Hack Your Bluetooth Device?
- Spam you with messages and phishing attacks. Hackers can pair with your Bluetooth devices and send endless messages and texts to your device. These could include phishing attempts or NSFW (not safe for work) content.
- Listen to your calls or read your messages. If hackers pair with your Bluetooth device, they can intercept your calls, messages, and any other wireless communication that you send.
- Remotely unlock your car from hundreds of miles away. Vehicles with keyless entry pose a more specific security risk. Scammers have found ways to use Bluetooth hacking to remotely unlock and operate vehicles, without access to your key, fob, or phone.
- Hack your phone even if it’s turned off. Criminals can exploit Bluetooth in your mobile phone and install malware, even when it’s switched off.
- Steal data being transmitted over Bluetooth. Hackers can still capture data being sent over a Bluetooth connection, even if the data is encrypted. This could include passwords, credit card numbers, or sensitive data that can be used to steal your identity.
- Copy data stored on your device (documents, photos, passwords, etc.). Hackers can steal data on a Bluetooth-enabled device without their victims even being aware.
- Take over your smartphone or smart devices with DDoS attacks. Criminals attack your device by sending large data transfers to overwhelm and shut down your device. They use this as a gateway for more severe attacks once your device is shut down.
- Eavesdrop on conversations and phone calls that happen in your car. Hackers can listen to your conversations by pairing with the car’s audio system.
- Unlock smart locks in your home or office. Hackers can also unlock your home or office by accessing a Bluetooth connection that controls your smart locks.
The bottom line: Bluetooth hacking can put your devices, data, and identity at risk. If you see any signs that your devices have been compromised, you need to act quickly to shut down the scammers.
How To Tell If Your Device’s Bluetooth Has Been Hacked
Bluetooth hacking is hard to spot. However, many of the warning signs are the same as if your phone is hacked.
Here’s how to know if your Bluetooth has been hacked:
- Your device works differently or less efficiently. Reduced battery life, device crashes, and poor performance are all signs that your device has been hacked. If your phone is warm or hot to the touch, this could also be a sign.
- You have higher-than-usual data charges. Data is sent to attackers in the background during a Bluetooth spying attack. If your data usage goes up significantly, this could mean you’ve been hacked.
- You see Bluetooth connections to unknown devices. If devices are paired to your phone over Bluetooth that you don’t recognize, these unknown devices could be spying on you or hacking your device. This is a clear sign that your Bluetooth device has been hacked.
- There are apps that you don’t recognize on your phone’s home screen. Beware of new apps that show up on your Android or iPhone. Attackers install new apps that can spy on you or steal your information — and hope you don’t notice.
- You can’t log in to your online accounts. Attackers can use a compromised phone to gain access to your online accounts. If your passwords aren’t working for your email, social media, or other accounts, your phone could be hacked.
- You notice signs of unauthorized access or attempted logins to accounts. If you start getting notifications about random logins to your accounts, it could be a sign that someone has your password. Don’t use any two-factor authentication codes, and change your password immediately.
- You receive strange pop-ups on your device. Random pop-ups on your phone could be linked to malware. If you notice any pop-ups on your phone, do not click on them.
How To Protect Your Device Against Bluetooth Hacking
Follow these 10 steps to protect your devices and sensitive data from all types of Bluetooth attacks:
- Turn off Bluetooth when you’re not actively using it
- Disable features that use Bluetooth
- Avoid sharing or sending sensitive information over Bluetooth
- Keep your operating system and software up to date
- Don’t set up Bluetooth pairing in public
- Disable Bluetooth for certain apps
- Delete unused or old Bluetooth connections
- Refuse all unknown Bluetooth pairing requests
- Unpair your phone from any vehicle you don’t own
- Protect your device with antivirus software
1. Turn off Bluetooth when you’re not actively using it
Bluetooth technology operates by having devices discover each other when they are within close range. This means that hackers can usually only take advantage of security vulnerabilities if Bluetooth is enabled on your device.
Keeping Bluetooth active all the time makes your device more discoverable. Turning Bluetooth off makes your device private.
To stay safe, turn off Bluetooth whenever you're not actively using it.
How to turn off Bluetooth on iOS:
- Open the Settings app on your iOS device.
- In Settings, tap Bluetooth.
- Under Bluetooth settings, tap the switch beside Bluetooth to turn it off.
How to turn off Bluetooth on Android:
- Open your device's Settings app.
- Tap Connected devices.
- Then tap Connection preferences, and choose Bluetooth.
- Turn Bluetooth off.
2. Disable features that use Bluetooth
Every device manufacturer has its own set of features that use Bluetooth.
For example, iOS devices use AirDrop to share files wirelessly when near other Mac and iOS devices. Android has a Quick Share feature that lets you quickly transfer files between Android devices.
By default, these features are set to “Everyone” — meaning you can receive items from anyone who connects with your device. By restricting these features to “Contacts Only,” you can make your devices less desirable targets for hackers.
How to adjust AirDrop settings on iOS:
Swipe down from the upper-right corner of the screen to open the Control Center, and then touch and hold the network settings card in the upper-left corner.
Next, touch and hold the AirDrop button; then choose one of the options.
- Receiving Off: You won’t receive AirDrop requests.
- Contacts Only: Only contacts can see your device.
- Everyone: All nearby Apple devices using AirDrop can see your device.
How to adjust Quick Share settings on Android:
- Open your Settings app.
- Tap Google and then Devices & sharing.
- Tap Nearby Share and turn it on or off.
3. Avoid sharing or sending sensitive information over Bluetooth
A Bluetooth connection is less secure than a private Wi-Fi connection. It can be a vulnerable point of access for data or identity theft. So, avoid sharing sensitive information and documents over Bluetooth.
If you must share sensitive information, use a secure file sharing tool like WeTransfer. It uses end-to-end encryption, which scrambles the data in a message so that only the intended recipient can read it.
4. Keep your operating system and software up to date
Regularly updating your operating system and software is vital to your digital security. Updates can add new features but also fix any bugs and loopholes that criminals can exploit.
You can set your device to update automatically. Or you can update it manually.
How to update an iOS device:
- Plug the device into a power source, and connect to the internet with Wi-Fi.
- Go to Settings, then General.
- Tap Software Update.
- Tap Download and Install.
How to update an Android device:
- Connect your device to Wi-Fi.
- Open Settings.
- Select About phone.
- Tap Check for Updates.
- Tap Install Now.
5. Don’t set up Bluetooth pairing in public
Public places are crowded and can be hotspots for malicious actors.
Don't pair Bluetooth in public. Wait until you're in a secure area — like your home, office, or another place where your device won’t be compromised.
6. Disable Bluetooth for certain apps
Bluetooth allows app developers to pinpoint your location. But few people realize that apps such as HBO Max and Kindle request permission to use Bluetooth. If you determine that some apps that you regularly use require Bluetooth, disable that functionality in the app’s settings.
7. Delete unused or old Bluetooth connections
Hackers can infiltrate your device through old Bluetooth connections, upload malware, or steal your personal data — even if you're not actively using Bluetooth.
For example, if you connect your phone to a Bluetooth speaker and then disconnect it, the connection is still technically available on your phone. With the right tools, hackers can access your device through that connection.
How to delete Bluetooth connections on iOS:
- From your home screen, tap Settings and then Bluetooth.
- Tap the Info icon next to the connected device.
- Tap Forget This Device.
- Tap Forget Device.
How to delete Bluetooth connections on Android:
- Navigate to Settings and then Bluetooth.
- Tap the appropriate device name (or the Settings icon to the right).
- Tap Forget or Unpair.
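The same clean-up on a Linux laptop that uses BlueZ, as an added example that is not part of the original article: it parses the paired-device list and flags every pairing that is not on an allowlist you maintain. The sample output, the addresses, and the allowlist are constructed, and the input is assumed to be the `Device <MAC> <name>` lines printed by `bluetoothctl devices Paired`.

```python
import re

# Matches one line of `bluetoothctl devices Paired` output: "Device <MAC> <name>".
DEVICE_LINE = re.compile(r"^Device\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(.*)$")

# Constructed sample output; the addresses and names are made up.
SAMPLE_PAIRED = """\
Device 00:11:22:33:44:55 Kitchen Speaker
Device 66:77:88:99:AA:BB Rental Car Audio
Device cc:dd:ee:ff:00:11 Work Headset
Device 22:33:44:55:66:77 Kitchen Speaker
"""

# Hypothetical allowlist of pairings still in use (upper-case address -> name).
ALLOWLIST = {
    "00:11:22:33:44:55": "Kitchen Speaker",
    "CC:DD:EE:FF:00:11": "Work Headset",
}

def parse_paired(text):
    """Return {MAC: name} for every well-formed device line; ignore the rest."""
    devices = {}
    for line in text.splitlines():
        match = DEVICE_LINE.match(line.strip())
        if match:
            devices[match.group(1).upper()] = match.group(2).strip()
    return devices

def audit_pairings(text, allowlist):
    """List (mac, name, reason) for pairings that should be reviewed."""
    known_names = {name.lower() for name in allowlist.values()}
    findings = []
    for mac, name in sorted(parse_paired(text).items()):
        if mac in allowlist:
            continue
        if name.lower() in known_names:
            reason = "name matches a known device but the address does not"
        else:
            reason = "not on the allowlist"
        findings.append((mac, name, reason))
    return findings

def removal_commands(findings):
    """Build the `bluetoothctl remove` command for each flagged pairing."""
    return [f"bluetoothctl remove {mac}" for mac, _, _ in findings]

if __name__ == "__main__":
    for mac, name, reason in audit_pairings(SAMPLE_PAIRED, ALLOWLIST):
        print(f"{mac}  {name!r}: {reason}")
```

Review each flagged entry before running the generated `bluetoothctl remove` command, since a replaced or re-paired device can legitimately show up under a new address.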
8. Refuse all unknown Bluetooth pairing requests
Don't accept Bluetooth pairing requests from unknown sources, as these could be malicious actors trying to spy on you. When unsure whom the request is from, err on the side of caution and deny it.
9. Unpair your phone from any vehicle you don’t own
Bluetooth hacks are prevalent in Bluetooth-enabled vehicles, so it's crucial to unpair your device from them. Examples could include a rental car, friend's vehicle, or even an Uber or taxi. By unpairing your smartphone from these vehicles, you ensure that hackers can't exploit any Bluetooth vulnerabilities.
To unpair your phone from a vehicle, refer to the steps above for deleting old Bluetooth connections.
10. Protect your devices with antivirus software
Antivirus software is a powerful cybersecurity weapon that helps protect your device. It scans programs and files as they enter your device and compares them to known viruses. Antivirus also examines programs already on your device, and searches for suspicious behavior.
If your device is infected with malware due to a Bluetooth hack, antivirus software can detect and remove it.
Has Your Phone Been Hacked? Here’s What To Do
If you think your mobile device has been hacked, here’s how you can remove the hacker and mitigate the damage:
- Eliminate any apps you don’t recognize. If you’re unsure, Google the name of the app + “safe” or “legit” — or check the App Store.
- Clear (or delete) your browser’s cache, history, and downloads. Malware could be hiding there.
- Run an antivirus scan to detect malware. Use digital security software like Aura’s antivirus program to find and remove any spyware or malware on your phone.
- Reset your phone to its factory settings. After you remove all malware, reset your device to remove any leftover hacks. You can also restore to a backup made before your phone was hacked.
- Change your passwords and enable two-factor authentication (2FA). If you think one of your accounts has been hacked, immediately change your passwords and set up 2FA.
- Remove unrecognized devices from your Google or Apple ID accounts. Look for unfamiliar devices in your Apple ID device list or Google activity log, and remove them immediately.
- Recover any hacked accounts. Get in touch with your account providers if an account gets hacked, and follow their recovery steps.
- Freeze your credit with all three bureaus. Stop scammers from opening new accounts or taking out loans in your name by enabling a credit freeze with all three major credit bureaus — Experian, Equifax, and TransUnion.
- Report the fraud to your bank. Alert your bank and any impacted businesses that your mobile device was hacked. You may need to close your accounts and get new account numbers and credit and debit cards.
- Consider signing up for identity theft protection with digital security. Aura’s award-winning identity theft protection service monitors your most sensitive information for signs of fraud, protects your devices against hackers, and covers you for up to $1 million in eligible losses due to identity theft.
The Bottom Line: Don’t Ignore Bluetooth Security
Bluetooth attacks are easy to overlook. We’ve become so used to our wireless headsets, keyboards, and paired devices that we rarely think about their security. But the truth is that having your device hacked through Bluetooth can be disastrous.
Get to know the signs of a Bluetooth hack and how to protect yourself and your family. With Aura's security software, you're protected from cyberattacks, your financial accounts are monitored, and suspicious activity is detected in near real-time so that you can stop criminals in their tracks.