How are Bluetooth LE-enabled devices safer than Bluetooth-enabled devices?
- Bluetooth LE is a ‘Low Energy’ variant of Bluetooth that is introduced was version 4.0 of the protocol.
- It reduces energy consumption while data is transferred between two devices such as smartphones, laptops, headsets, and tablets.
Bluetooth technology has its own perks and demerits. While it can be used for the transfer of files, pictures, and documents, malicious actors, on the other hand, can misuse it to intercept communication and alter data.
How is Bluetooth LE different from Bluetooth?
Bluetooth LE is a ‘Low Energy’ variant of Bluetooth that was introduced in version 4.0 of the protocol. As the name implies, Bluetooth LE reduces energy consumption while data is transferred between two devices such as smartphones, laptops, headsets, and tablets.
Bluetooth 5 has been further optimized in terms of communication range, thereby making Bluetooth an extremely versatile and capable wireless technology.
Unlike Bluetooth that allows data to hop across a large number of predefined channels, Bluetooth LE includes three channels which are called ‘advertising channels.’ These channels are used to broadcast plain-text information while hiding the real address.
For example, if a device broadcasts regularly on the plain-text advertising channels, a malicious actor could use the address of the device to hijack it and steal information or conduct eavesdropping. Bluetooth LE allows the device to hide its real address during advertising by allocating a random address instead.
How it impacts?
The tracking of addresses broadcasted by wireless devices can put consumer, business and government data at risk.
In the context of governments and businesses, such hacks can elevate the privacy concern. Threats actors can create botnets to amplify the attack on a global scale.
How can we protect ourselves?
Although Bluetooth LE-devices are more optimized that Bluetooth-devices, they can still be exploited by attackers for their malicious activities. Hence, general users and businesses should follow a few basic steps to protect against such attacks such as:
- For Windows, macOS and iOS devices, disabling and enabling the Bluetooth service will reset both the address as well as the message content.
- As a general rule, users should ensure they disable the service whenever it is not in use.
- For organizations, the vulnerabilities and risks associated with the devices should be secured before they are exploited by attackers.