Security experts warn smartphone users and general owners of miscellaneous Bluetooth-enabled devices of a new cyber threat in which hackers have found a way to “take over your device,” Kurt the Cyber Guy said Friday on Fox News.
“This is a profound security risk, this is a big deal and it’s a big deal because this is something that is so pervasive. Everybody uses this [Bluetooth] and for the first time they [hackers] have figured out how to get into it [devices] without you even knowing it,” Kurt told “Fox & Friends.”
Kurt explained that Bluetooth uses a technology that negotiates in short-range, facilitating a wireless “lovefest” between the two devices to make a connection.
“We know it with our headsets and everything else we use," he said. "For the first time though, the organization that writes the standard for this has issued a warning stating they have to completely change the way that [Bluetooth] negotiates and rewrite the books here because hackers have found a way to just manipulate those negotiations so they can take over your device, potentially getting the information on each side of the device.”
Kurt says there is “good news” that Bluetooth users can do to prevent such hacks.
“For example on an iPhone or iPad, you can hit 'settings' and then also go right there to Bluetooth and you can look at the list of the devices that are there. You review those,” he said.
Kurt advised removing devices off the Bluetooth docket in the settings field on a smartphone or turning it off completely. “What you can do is turn it off when it is not in use,” he said.
Or instead of turning it off, “you can taper your use of it until updates are coming.” Tech giants Apple, Google, Android, and Microsoft “are all working on patches that would stop that negotiation from happening.”
“This is severe enough that they have for the first time changed the entire protocol of Bluetooth.”
"Fox & Friends" quoted a statement from a Bluetooth spokesperson, saying “The Bluetooth Special Interest Group (SIG) prioritizes security and the specification provides advanced security features that adhere to global requirements.”