Kamala Harris is right to be wary of Bluetooth headphones
It doesn't happen often, but Bluetooth connections do get hacked.
Vice President Kamala Harris is concerned about Bluetooth security. Should you be?
Vice President Kamala Harris has long sported wired earphones, appearing on the campaign trail and in media appearances with technology that is increasingly becoming passe.
Three of her former campaign aides now tell Politico's West Wing Playbook that Harris won't upgrade to Bluetooth-connected buds because she's concerned about the security of the Bluetooth connection required to use them.
Harris also favors texting to email for the same reasons, according to the aides, who Politico quoted anonymously. That caution makes sense given the political upheaval caused by former presidential candidate Hillary Clinton's use of email, as well as the leak of her former adviser John Podesta's correspondence.
Harris' concern about using Bluetooth earphones is bound to raise questions for people with less weighty responsibilities than the vice president. Bluetooth is widely used by countess people to connect earbuds, smartwatches and all kinds of other devices to their phones and laptops ,
Turns out, the veep has a point. Cybersecurity experts say high-profile politicians, like Harris, and other VIPs, might want to skip on Bluetooth. The connections, which require two devices to pair in order to wirelessly share data, can be hacked, putting the information being transmitted at risk.
Clay Miller, chief technology officer for SyncDog, which focuses on mobile security, notes there have been successful attacks that allowed a cybercriminal to use a Bluetooth connection to take control of a device and install malicious code. The code allowed the hacker to eavesdrop on conversations, both taking place on the phone in question and those nearby, by turning the phone into a secret microphone.
As a result, Harris is "absolutely right" to be wary of Bluetooth headphones, says Jason Kent, hacker in residence at Cequence Security. "She has conversations every day that could potentially be used by those in the business of listening."
Smash and grab
On top of the eavesdropping threat, Kent said, cybersecurity researchers have been able to use Bluetooth to exploit security vulnerabilities on some phones. They then extracted information, including corporate credentials.
Slightly cruder attacks involve the use of Bluetooth scanning -- basically monitoring for devices nearby that are broadcasting a Bluetooth signal, says Chuck Everette, director of cybersecurity advocacy for Deep Instinct. Common thieves will, for example, scan a vehicle for Bluetooth signals coming from hidden electronic devices, then smash the windows and grab the devices.
"Criminals love using this technique, because it not only gets them the electronic device but also the purse or briefcase that might've been locked up with the device," Everette said.
Of course, a criminal needs to be up close to hack a Bluetooth connection. Such attacks are usually carried out within Bluetooth range, which is about 30 feet. (Miller notes a handful of documented attacks that have been deployed from as far as 300 feet away, but they're outliers.) Getting that close to the vice president isn't easy.
Given the political and security stakes, Harris is probably wise to keep her Bluetooth connection turned off. Most people, however, don't have to go to the trouble.
Miller notes that a person is only as vulnerable as their data is valuable. But those who keep their work and personal data on the same device might want to be a bit more careful.
For most people, the greatest risk might be someone listening in on a sensitive conversation between them and their doctor or lawyer, Kent says. Obviously, that's not the type of conversation you'd want a stranger eavesdropping on. But it's lower stakes than national security.
If your tolerance for risk is low or you have doubts about the security of your Bluetooth connection, a fix is simple. Turn off Bluetooth when you're not using it.