Bluetooth Security Flaws

Many companies don’t monitor or protect against bluetooth connections.

Typically information security is limited to information transmitted over a wireless access point or firewall. Bluetooth connections don’t go through a central device that could regulate or monitor the information that is traversing it. So a single infected bluetooth device can infect many other devices quickly and without much resistance.

The majority of Android phones, tablets, and wearables — except devices only with Bluetooth Low Energy — are vulnerable to two memory corruption-based remote code execution flaws, an information leak bug, and a data intercepting man-in-the-middle attack.

Panic buttons

Panic buttons can be blocked and tracked

Panic buttons are typically paired with a cell phone over bluetooth. Flooding the phone with connections does not break the connection between tested panic buttons. However, it does prevent them from establishing a connection to start with. So if timed correctly, say if the vi it would prevent the connection and the victim may not be aware the button has no functionality.

Additionally, 2.4ghz jammers could potentially be used to block any communication.

A well-designed panic button should trigger in the event it does become disconnected however. For example if the phone even loses a connection to it, it should call 911, or if the cell phone itself loses network connection, the remote system monitoring it should alert someone.

Thoughts on a better panic button

Certain frequency ranges can be blocked via the FCC for all wireless devices, so there is no interference. A certain range could be used for a panic frequency. That way if a frequency is ever blocked in an area of town, authorities would see the interference and be called to investigate. It would otherwise be open to a distress call and authorities would come investigate.

Additionally, that could be supplemented with something wearable that monitors consciousness and stress levels along with a combination of other vitals to identify someone that needs help and send the appropriate signal without them having to push a button. So if someone gets hit by a car in a hit and run or attacked from behind, authorities are notified automatically.

Lastly, with the ability for devices to read body metrics, it’s probably possible now for a machine learning program to be able to identify when we are actually in danger and in need of assistance, with a good amount of accuracy, without us having to even push a button. Certainly there must be patterns in data that could be read in regards to the state of our body in times when we need immediate help and when we do not. We can panic in all situations, but we don’t need help in all situations.

Remote sexual assault and pranks via bluetooth sexual aids

Bluetooth-enabled sex toys are years behind where they need to be when it comes to security.

The only way to be 100% secure over bluetooth is to disable bluetooth

In security, nothing is 100%, and bluetooth is not an exception. New methods will continue to be discovered, such as blueborn, which only required bluetooth to be enabled on the mobile device. Blueborn was discovered in september 2017 and has been patched on major operating systems such as ios and android.

Estimates of 250,000,000 connected cars on the road by 2020 (worldwide)

A connected car is a car that has network access, typically internet access. That will mean more bluetooth accessories and more of a reason to have bluetooth connectivity with your car. Some of these devices may not have the best security and yet will be able to access your car’s network. Cars will be able to be taken control of to varying degrees. Here’s an example of what can happen when a car is controlled remotely:

Additional Thoughts

Bluetooth security for any device that can communicate with a car system will hopefully be regulated so that it is of a higher standard, and additionally any driving mechanisms should be made to be impossible to control via network access of the car. Even if a cars’ wireless access was 100% hack-proof AND disgruntled employees didn’t exist, connected cars would be vulnerable to a bunch of assholes carrying guns taking over a control center and telling half the cars out there to slam on their brakes.