It’s hard to believe Bluetooth technology is just 20 years old when you consider 4 billion Bluetooth devices were shipped last year. The first Bluetooth headset launched in 1999, quickly followed by wireless mice and keyboards, dongles and the Ericsson T39 phone, which hit the shelves in 2001.
Today, Bluetooth technology is a major component in audio and entertainment systems, personal devices such as tablets and phones and even automotive design. It also powers the Internet of Things and its army of connected smart devices. There are currently 26 billion connected devices in use worldwide, a number expected to hit 75 billion by 2025.
Clearly, Bluetooth is convenient, but this wireless efficiency isn’t without risk.
Why you should turn off Bluetooth
Although Bluetooth technology uses advanced encryption protocols, it’s still vulnerable to attack. Device pairing is the first point of weakness for man-in-the-middle attacks.
When you pair two devices, like a phone and earbuds, for example, a digital “handshake” takes place. The two devices communicate back and forth to find a secure link to transmit a shared encryption key so the devices can safely connect. Eric Faucette, lead engineer at Novus Labs in Hillsboro, Oregon, said man-in-the-middle attacks exploit this dance between devices to gain control of your phone.
“The man-in-the-middle is a third device the other two aren’t aware of,” he said. “It listens to this back-and-forth conversation between devices and hijacks it with a Bluetooth packet that each device believes came from the other.” This packet forces the two devices to decrypt, which makes them vulnerable to a takeover by someone you don’t know.
Your device need not be in pairing mode to be attacked, either. In 2017, Armis Lab uncovered a new Bluetooth attack dubbed “BlueBorne.” This attack only required Bluetooth to be activated; when Bluetooth is on, your device is open and available to connections.
Although device manufacturers worked quickly to eliminate the BlueBorne vulnerability, a year after it was discovered some 2 billion devices were still susceptible to attack.
Faucette said the best way to protect yourself against Bluetooth attacks is to automatically update your device so you have the latest software version. “Bluetooth attacks are software bugs,” he said. “Poorly implemented applications lead to unexpected vulnerabilities.” Running the most recent software on your device ensures you have the strongest protection.
How to turn off Bluetooth
Bluetooth technology is built into most devices and “on” is the default setting. Faucette said there’s no nefarious intent behind the default settings; device manufacturers try to make the out-of-the-box experience as convenient as possible for consumers. Fortunately, it’s easy to change the default settings on most devices.
How to turn off Bluetooth on iPhone
Apple changed its Bluetooth settings with the release of iOS 11; you can now turn off Bluetooth completely or simply disconnect from all non-Apple devices.
To disconnect from non-Apple devices, open the Control Center and tap on the Bluetooth icon. This disconnects everything but Apple devices such as your Apple Watch. Note, however, that the connection setting resets overnight, so you’ll have to do this every time you want to uncouple from other Bluetooth devices.
To permanently turn off Bluetooth on your iPhone:
- Open the Settings app.
- Scroll down and tap Bluetooth.
- Tap the toggle switch from green to white to turn off the Bluetooth radio.
How to turn off Bluetooth on Android phone
The process to turn off Bluetooth depends on your device manufacturer and model. There’s no overnight disconnect option as there is for iPhones; once you turn off Bluetooth, it’s shut down until you enable it again.
These steps should work on most Android devices:
- Open the Status Bar.
- Tap the Bluetooth icon near the top of the screen to turn it off.
- If Bluetooth isn’t available on your Status Bar, open the Settings app.
- Tap “Wireless and Network” and select Bluetooth.
- Tap the toggle switch to turn off Bluetooth.
The BlueBorne attacks left many consumers wondering if there were safer alternatives to Bluetooth technology. Near-field Communication, or NFC, is similar to Bluetooth because it uses radio waves to send and receive data between two devices.
The technology actually predates Bluetooth; early Android devices used NFC for instantaneous “touch pairing” between two devices. Some Samsung Galaxy phones also used NFC technology for file sharing between devices.
NFC only has a functional range of about 4 inches, which may be why the technology never gained traction with device manufacturers and consumers. NFC is great for instant cashless transactions and opening electronically locked doors, but it can’t continually transmit information between devices the way Bluetooth can. It’s also vulnerable to hacking just like Bluetooth.
Bottom line? Bluetooth is the wireless technology of choice for most device manufacturers and unless there is a concerted effort to invest in hardware and software infrastructure to support NFC or other similar technology, Bluetooth is the only game in town.
Faucette says that’s not necessarily a bad thing, especially if you keep your devices up to date. Once two devices have been paired by a shared encryption key, the connection is quite secure. The latest Bluetooth technology uses one of two encryption protocols, the Advanced Encryption Standard (AES) or Elliptic Curve Cryptography (ECC), both of which have no known vulnerabilities and comply with the Federal Information Processing Standards for data security.
It’s still a good idea to turn off Bluetooth when it’s not in use and be vigilant about software upgrades. “With an updated device, the average consumer is pretty safe,” said Faucette.