Wi-Fi/Bluetooth Are as Friendly as a Golden Retriever
How comfortable would you be walking alongside someone who is constantly yelling: “Hey, do I know you?!! Hey, do I know you?!!! Hey, I know you? let’s talk”? That is pretty much what you are doing every time you walk around with the Bluetooth/Wi-Fi turned on in your mobile devices (Laptop, Phone, etc.).
All wireless connections are saved by the device for your convenience; this is done in order for you not have to remember the passcode or have to go through the pairing process every time you want to use your noise-canceling headphones, for example.
This feature is very useful and, honestly, necessary. Imagine having to go through the Bluetooth pairing process every time you enter the car. The purpose of this post is to provide you with some insight into how easy you are making it to the attackers to steal your private information or spy on “EVERYTHING” you do.
The wireless protocols covered in this posting are: Bluetooth, a short-range connection utilized to controls a device wirelessly, and Wi-Fi, a long-range connection that your mobile device/laptop uses to access an internal network and the internet.
Every time your device creates a connection with another device, a trusted relation is established. Therefore, the next time the device encounters that known connection it, will willingly provide any and all information to its trusted friend. Just like you when you find a friendly face in an unfamiliar location. All mobile devices, including your laptop, are broadcasting (yelling) their known connections: “Are you Starbucks?”, “Are you the Hyatt Hotel?”, are you [insert location here]?”.
The device only knows the name of the friendly connection, it’s like you yelling into a dark room: “Joe, are you here” and someone responding: “Hey, I am Joe” and the name was the only information you needed to start a conversation with “Joe”. What you don’t know is that his real name is Mark and not Joe, he just said he was Joe to fool you into talking to him.
What Could Go Wrong?
A technique called spoofing is used to fool your mobile device to connect and create that trusted relationship. Your device wants to provide you with the best experience, therefore it will always try to connect to the strongest known signal. All an attacker will need to do is place an access point with a very strong signal and name it “Starbucks”, for example, for your device to connect to it. Just like any trusted relationship nothing is off-limits.
Two types of risk presented by this type of interaction are man-in-the-middle and device hijacking. Today’s posting concentrates on the device’s hijacking risk, the location where the attacker introduces malware to your device after creating the trusted connection, takes control of your device’s camera and reads your personal messages.
A Good Example
Now close your eyes and imagine you have a friend that is constantly telling everyone where you have been, your deepest secrets (You 
My Little Pony) and your medical history (Vulnerabilities). Most of the devices (Access Points) that provide entry to the internet use the names of the business facilitating this pathway. The hotels you stay in, that funny name of your home access point, the place where you get your coffee, that hospital you spend the weekend on, etc.
Other information your device is yelling all the time is who they are (Jane’s phone, G.O.A.T.’s Laptop), and the type of device they are (IOS, Android, Dell, etc.). You might think: “Who cares? Anyone can see what I have in my hand”; although that is true, remember that it will be required for them to be near your purview in order to do so. On this remote interaction, they have more information about you, your name and device, without you even noticing them.
Conclusion
Well, now that the attacker knows your device’s specifications, it is easier to identify the types of vulnerabilities (holes) your device has and if you like to postpone updates, Jackpot!
The funny part of the whole thing is that this is one of the easiest risks to protect against, it takes no more than 2 seconds.
“Turn the Bluetooth and Wi-fi off when not in use”, that is it, the solution is completely free.
