You intuitively know why you should bolt your doors when you leave the house, and add some sort of authentication for your smartphone. But there are lots of digital entrances that you leave open all the time, like Wi-Fi and your cell connection. It’s a calculated risk, and the benefits generally make it worthwhile. That calculus changes with Bluetooth. Whenever you don’t absolutely need it, you should go ahead and turn it off.
Minimizing your Bluetooth usage minimizes your exposure to very real vulnerabilities. That includes an attack called BlueBorne, announced this week by the security firm Armis, which would allow any affected device with Bluetooth turned to be attacked through a series of vulnerabilities. The flaws aren’t in the Bluetooth standard itself, but in its implementation in all sorts of software. Windows, Android, Linux, and iOS have been vulnerable to BlueBorne in the past. Millions could still be at risk.
So, yeah, turn off Bluetooth if you’re not using it, or nearby anyone you don’t trust. There might be some inconvenience when you bring your laptop to your desk and want it to connect to a Bluetooth mouse and keyboard. You might end up flipping the switch fairly often to use Bluetooth headphones. But you likely don’t use Bluetooth most of the time. Even if you lean on it all day at work, you can ditch it at a birthday dinner, or when you’re asleep. And if you use it 24/7 on your phone because of a peripheral like a smartwatch, you can at least turn it off on your other devices, especially any Bluetooth-enabled Internet of Things gear.
“For attackers it’s Candyland,” says David Dufour, the vice president of engineering and cybersecurity at the security firm Webroot. “You sit with a computer with a Bluteooth-enabled radio—just scanning for devices saying, ‘Hey, is anybody out there?’ Then you start prodding those devices to look for things like the operating system and the Bluetooth version. It’s a hop, skip, and a jump to start doing bad…