Turning off your smartphone’s Bluetooth can help you avoid risks: what they are and how to avoid them

Keeping Bluetooth always active on your smartphone (or, more generally, on any device) certainly makes it convenient to connect to wireless accessories such as headphones, smartwatches and car infotainment systems. At the same time, however, this habit can be dangerous. The National Security Agency (NSA) itself, in a briefing paper published in 2021, suggests turning off Bluetooth when it is not in use. This is because Bluetooth, while reliable and secure, remains a possible attack vector. To avoid alarmism, however, let’s clarify one thing straight away: the threats we will talk about (Bluejacking and Bluesnarfing) mainly affect obsolete devices or those with insecure configurations or outdated software. On modern smartphones, equipped with the latest operating systems and advanced Bluetooth protocols, the risk of real attacks is usually lower. That said, let’s see what the risks associated with Bluetooth are and how to mitigate them.

Bluejacking and Bluesnarfing: two insidious Bluetooth-based cyber traps

Let’s look at the threats that hang over our everyday devices, starting with the phenomenon known as Bluejacking. It is often considered the lesser risk, since it consists primarily of sending unsolicited messages or advertising material to devices whose Bluetooth is in “visible” mode. Even so, we must not underestimate its danger as a possible vector for phishing: an attacker could trick us into clicking on malicious links disguised as harmless communications, leading us to download harmful content. To eliminate the risk, it is important to deactivate Bluetooth when not in use.

Much more insidious for our privacy is Bluesnarfing, a technique that allows unauthorized third parties to silently connect to the device and copy sensitive data and information, including contacts, email addresses, calendars and personal files. Unlike the annoyance caused by Bluejacking, here we are faced with real theft of information. Regarding this hacking technique, the security experts at McAfee explain:

The threat involves gaining unauthorized access to information on the Bluetooth device and exploiting vulnerabilities in the protocol. These flaws can occur due to improper device configurations, outdated software, or weak encryption protocols. (…) The scary thing is that the victim is often unaware of this unauthorized access.

How to defend yourself from Bluetooth-based cyber attacks

Having established that Bluetooth can, at least potentially, be an attack vector, here are 6 tips for defending yourself.

  1. Limit Bluetooth activation to what is strictly necessary: the first safety step is to activate the wireless module only when we actually need to connect an accessory, such as earphones. By turning it off when not needed, we instantly become invisible to the scanning software used by attackers to identify potential targets.
  2. Hide the visibility of the device: if we need to keep Bluetooth turned on, we must make sure that the “discoverability” function is disabled in the settings. This allows us to maintain the connection with our already saved devices, while preventing nearby strangers from seeing our device in the list of available ones. To do this on Android, go to the Bluetooth settings, tap the three dots, select the Other settings item and then deactivate the Visible to other devices option (the wording and steps may vary depending on the version of Android in use). On the iPhone, by contrast, the device is only discoverable while you are on the pairing screen, so it is sufficient to exit the settings screen to make the iPhone invisible to other nearby devices. As for AirDrop on iPhone, remember to enable the Everyone for 10 minutes option only when actually necessary.
  3. Choose carefully where to pair: it is best to avoid configuring new connections (the so-called pairing) while we are in crowded or public places, such as stations or shopping centres. In these contexts, an attacker could monitor frequencies waiting to intercept the initial data exchange. It is always preferable to carry out these operations within the walls of your home or office.
  4. Block any unsolicited request: if a pop-up suddenly appears on your smartphone screen requesting pairing with a device you don’t know, you must refuse the request without hesitation. Ignoring or canceling these suspicious requests is the first line of defense against unauthorized access attempts.
  5. Keep your system up to date: manufacturers constantly release patches to fix security flaws discovered in Bluetooth protocols. Regularly installing the latest operating system updates, and firmware updates for our accessories, is the only way to be protected from the latest threats.
  6. Clean up saved connections: a good “digital hygiene” rule is to periodically review the list of associated devices and delete those that we no longer use or that we have connected in temporary situations. This prevents devices from automatically reconnecting to systems we no longer have full control of.