
Bluetooth flaw allows hackers to track your devices

Millions of Americans use the Bluetooth function on their smartphones, laptops and wearable devices several times throughout a day. Many leave Bluetooth on all day.

It’s something we don’t give much thought to, but new research has found that in some devices a flaw in how Bluetooth functions could allow hackers to track you. That turns your Bluetooth into a wide-open door that lets hackers gobble up sensitive personal data.

Read on to learn what the Bluetooth flaw is and how it leaves your devices at risk of being hacked. We’ll also offer tips on what you can do to protect your gadgets.

Hacking into Bluetooth

The very technology that aims to keep your Bluetooth from being tracked and hacked is what can make your devices vulnerable. To avoid tracking, Bluetooth continuously changes identifying tokens and uses random MAC addresses.

Researchers at Boston University found that the identifying token and the random MAC address do not change at the same time. During the lag between the two changes, hackers can use an unchanged identifying token to grab the new incoming address.

At that point, hackers not only can follow your device, but they can also get information about its identity and your user activity. This flaw was found in the latest Bluetooth 5 standard and impacts macOS, Windows and iOS devices.

If this flaw is not fixed, hackers could eventually combine purchase transactions, facial recognition, and other sensitive information with the device’s tracking data to create a profile of the user.

The only way to fix this flaw is to make sure the changes in identity tokens and MAC addresses are synced. But don’t expect Apple or Microsoft to move quickly on the problem.
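The following check is an added example, not code from the researchers or from the original article. It audits a log of a device's own Bluetooth advertisements and shows why unsynced changes keep the device linkable while synced changes do not. The record fields, addresses, tokens and timings are constructed placeholders.

```python
# Added example: audit an advertisement log for unsynchronized identifier rotation.
# Field names and sample values are constructed for illustration.
from collections import namedtuple

Adv = namedtuple("Adv", "t addr token")  # capture time (s), random MAC, identifying token


def rotation_epochs(log):
    """Group advertisements that share an address or a token.

    Each group is a span over which the device stays linkable. Synced
    rotation yields one group per rotation; unsynced rotation merges them.
    """
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for adv in log:
        # Union the address and the token seen in the same advertisement.
        parent[find(("addr", adv.addr))] = find(("token", adv.token))

    groups = {}
    for adv in sorted(log, key=lambda a: a.t):
        groups.setdefault(find(("addr", adv.addr)), []).append(adv)
    return list(groups.values())


def carried_over(log):
    """Return (old_addr, new_addr, token) wherever the address changed but the token did not."""
    last_addr, found = {}, []
    for adv in sorted(log, key=lambda a: a.t):
        old = last_addr.get(adv.token)
        if old is not None and old != adv.addr:
            found.append((old, adv.addr, adv.token))
        last_addr[adv.token] = adv.addr
    return found


# Constructed logs: the same three rotations, with and without the lag.
UNSYNCED = [Adv(0, "AA:01", "tok1"), Adv(900, "BB:02", "tok1"),
            Adv(960, "BB:02", "tok2"), Adv(1800, "CC:03", "tok2")]
SYNCED = [Adv(0, "AA:01", "tok1"), Adv(900, "BB:02", "tok2"),
          Adv(1800, "CC:03", "tok3")]

if __name__ == "__main__":
    for name, log in (("unsynced", UNSYNCED), ("synced", SYNCED)):
        print(name, "linkable spans:", len(rotation_epochs(log)),
              "carry-overs:", carried_over(log))
```

A single linkable span across several address changes means the rotation is not protecting the device; one span per rotation with no carry-overs is the synced behavior the fix calls for.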

The researchers presented their findings to the two companies in November 2018. Neither company has taken steps yet to fix the flaw, which is puzzling since Apple’s iOS 11 had a major security problem with its Wi-Fi and Bluetooth functions.




Stopping Bluetooth hackers

The Bluetooth flaw is found on Windows 10, iOS and macOS devices. These devices include iPhones, iPads, Apple Watch models and MacBooks, as well as Microsoft tablets and laptops. Unlike Windows and Apple products, Android devices are immune to this flaw because they do not actively and continuously track the device while in Bluetooth mode.

Just because Apple and Microsoft aren’t taking action on this flaw doesn’t mean you can’t protect yourself. For iOS and macOS devices you merely have to turn Bluetooth on and off. That breaks the communication chain the hacker is trying to latch onto. This is a temporary fix until the flaw is fixed permanently. Hopefully, that isn’t too far down the road.

It’s not so easy for Microsoft devices using Windows 10. Going to the Settings Panel and turning Bluetooth on and off doesn’t work, as it merely pauses the communication chain.

To break the chain, users have to completely disable the Bluetooth function using the Windows Device Manager and then re-enable it.

Devices using Bluetooth are projected to grow from 4.2 billion to 5.2 billion between 2019 and 2022. When you consider how many millions of gadgets this Bluetooth flaw affects now and could in the future, you would think Microsoft and Apple would get right on it.

Maybe they’re taking a gamble that hackers aren’t smart enough or fast enough to exploit the flaw. That’s not a gamble we would be willing to take.
