Pairing to a Bluetooth headset, or pairing to a cybercriminal?

Aug 6, 2018 3:39:30 PM  |  by Henry Laurx

Just last week (mid-July), yet another Bluetooth exploit was disclosed. On average, a Bluetooth device is paired with a phone or computer between one and three times a day. These momentary pairing sessions are the perfect opportunity for the sketchy guy sitting across the café to intercept your cryptographic key and potentially inject malicious code into your device. While the odds of someone hacking your device through Bluetooth are fairly low, you should still remain keenly aware of where and how you pair devices over Bluetooth. Hacking via Bluetooth isn't easy, but a cybercriminal who knows what they're doing could inject malware by the time you've finished lunch.

How do Bluetooth exploits work?

A Bluetooth exploit is possible because Bluetooth does not require that devices have both Bluetooth LE (Low Energy) and BR/EDR (Basic Rate/Enhanced Data Rate) implementations. If Bluetooth mandated that every device have both LE and BR/EDR, a short-range exploit would not work. Because some devices do not have both LE and BR/EDR, the elliptic curve parameters used to generate the public keys for data encryption are insufficiently validated. A man-in-the-middle can take advantage of this missing validation by injecting an invalid public key and then determining the session key with high probability.

Once the attacker obtains the session key, they can spy on and track encrypted data transfers, and possibly inject malware. For this attack to succeed, the threat actor would need to be within Bluetooth range of the two devices being paired, and both devices would need to be vulnerable (either no LE or no BR/EDR technology). The attacker would also have to work very quickly, since the attack can only be executed during a narrow time window.
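The "insufficient validation" described above is the step a pairing implementation must never skip: before the peer's public key is multiplied by the local private key, the implementation has to confirm that the received (x, y) pair really is a point on the curve. The Python below is an added illustration, not code from this post or from any Bluetooth stack. It implements the P-256 curve that Bluetooth Secure Connections pairing uses, runs that validation on the peer key, and shows a tampered key being rejected before any shared secret is derived. The two private keys are constructed sample values, and the function names are the example's own.

```python
"""Peer public-key validation for P-256 ECDH (added example, not from the post)."""

# P-256 (secp256r1) domain parameters. Bluetooth Secure Connections pairing
# performs its ECDH key agreement on this curve.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (GX, GY)

# Constructed sample private keys (hypothetical values, not real device keys).
PRIV_A = 0xC0FFEE1234567890ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789
PRIV_B = 0x0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B


def is_on_curve(x, y):
    """True iff (x, y) is an affine point on P-256 with both coordinates in [0, P)."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add scalar multiplication k * point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def generate_public_key(priv):
    """Public key is priv * G."""
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    return scalar_mult(priv, G)


def validate_peer_public_key(point):
    """The check a pairing stack must run on the key received over the air.

    Rejects the point at infinity and any (x, y) that is not on P-256.
    P-256 has cofactor 1, so every affine point on the curve has prime order N
    and no additional small-subgroup check is required.
    """
    if point is None:
        raise ValueError("peer public key is the point at infinity")
    x, y = point
    if not is_on_curve(x, y):
        raise ValueError("peer public key is not on P-256; aborting pairing")
    return point


def ecdh_shared_secret(priv, peer_pub):
    """Validate the peer key, then return the x coordinate of priv * peer_pub.

    The x coordinate is the value Bluetooth derives its DHKey from.
    """
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    validate_peer_public_key(peer_pub)
    shared = scalar_mult(priv, peer_pub)
    if shared is None:
        raise ValueError("shared point is the point at infinity")
    return shared[0]


if __name__ == "__main__":
    pub_a = generate_public_key(PRIV_A)
    pub_b = generate_public_key(PRIV_B)
    print("shared secrets match:",
          ecdh_shared_secret(PRIV_A, pub_b) == ecdh_shared_secret(PRIV_B, pub_a))
    tampered = (pub_b[0], (pub_b[1] + 1) % P)  # a point that is not on the curve
    try:
        ecdh_shared_secret(PRIV_A, tampered)
    except ValueError as exc:
        print("tampered key rejected:", exc)
```

The validation is cheap: one field equation per pairing. Its absence is what lets a man-in-the-middle substitute a point on a different, weaker curve and recover the resulting key, which is why a stack that skips it is vulnerable regardless of which radio (LE or BR/EDR) carries the pairing.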

Avoiding a Bluetooth Hack

A couple of simple ways to avoid being hacked via Bluetooth are to pair your devices when nobody is near you (in your car or at home), or to avoid using Bluetooth in public altogether. If you are at all suspicious, disable Bluetooth on your device until it's safe to pair. To learn more about LE and BR/EDR technologies, visit
