BID® Daily Newsletter
Oct 29, 2024

The Importance of Bluetooth Security

Summary: As Bluetooth usage becomes more prevalent and scammers increasingly use it as a way to hack people’s devices, CFIs should pay closer attention to related security measures.

In the 36 years since Northwest Airlines became the first airline to add miniature video screens for each passenger, seatback screens have become the standard form of entertainment for lengthy flights. Over the years, seatback screens have gotten larger, with offerings becoming more extensive, allowing passengers to choose from a selection of TV shows, movies, and even video games. Now, a handful of airlines have begun eliminating seatback screens from flights, forcing passengers to view in-flight entertainment on their own devices by downloading airline apps and connecting to their wi-fi.
As the world becomes increasingly reliant on individuals carrying wi-fi-enabled mobile phones and laptops, people have become accustomed to connecting their devices to a wide range of wi-fi sources. But while Bluetooth connections are convenient, they can also be incredibly risky and have spurred a massive increase in fraud. Community financial institutions (CFIs) need to be aware of the growing risks related to widespread Bluetooth usage and the steps required to tamp down fraud.

Bluetooth Fraud

Digital fraudsters are becoming increasingly savvy, resulting in $10B in total fraud losses in 2023, according to the Federal Trade Commission. A major factor in those losses and the number of fraud reports received (2.6MM) is Bluetooth and the ever-growing number of devices that people use it to connect with — from wireless earphones to cars to even medical monitoring devices. On top of that, many people unknowingly leave Bluetooth pairing on after setting up new devices. It is also not uncommon for individuals to name wi-fi connections using their actual names or similarly obvious titles that make it easy for hackers to discover their identity.
Whether through bluebugging, a cyber hacking method where fraudsters exploit vulnerabilities in Bluetooth to take over control of a device, or bluejacking, where malware can be installed on a device when an individual unknowingly clicks on a malicious link, there are multiple ways that hackers hijack an individual’s device and access sensitive personal information. 

Bluetooth Security Measures

Although technology providers such as Apple have begun adding security measures to try and curtail this fraud, such as the automatic 10-minute limit on the ability of iPhones to receive photos or links from unsaved numbers, such efforts will not do much to eliminate the risks for CFIs. That’s because the initial login from a new device is crucial; it lays the groundwork for any future security specific to that device. 
To reduce the likelihood of Bluetooth-related fraud, CFIs should pay particular attention to the initial login from any new device and step up their oversight and controls over such connections. These extra precautions can be a deterrent to fraudsters, who are likely to move on to easier targets.
The following are strategies that CFIs can implement to keep themselves and their customers safe from this specific fraud type:
  • Device pairing. This limits customers to using a specific device to access an app, because it then establishes a trusted device. When the app is accessed through an unrecognized device, this can be flagged for potential fraud. 
  • Fingerprinting. Biometric authentication uses technology to verify an individual’s device through unique software and hardware attributes, which can help diminish the risk of customers’ accounts being accessed through Bluetooth hijacking. 
  • Two-step authentication. Adding an additional layer to the login process can help with customer identification. Creating a unique username and password becomes the first step of authentication, and the second step sends a one-time code to something a customer physically has, such as a mobile phone or email. Some outliers such as Revolut, a fintech, go even further by requiring customers to record a short video after logging on with their password and username combination. 
  • Customer education. Provide education on an ongoing basis about the risks related to Bluetooth usage; this can also help curtail such fraud. If customers are continuously informed of real-world statistics, along with steps they should take to enhance their individual security, they are more likely to respond. The statistics are quite staggering. Globally, there were an average of 1,158 cyberattacks per week against organizations in 2023, according to data from Check Point Research, a threat intelligence provider. CFIs should consider ongoing awareness campaigns highlighting simple steps customers can take to enhance their personal Bluetooth security, such as avoiding the use of Bluetooth in public spaces that hackers often target and regularly updating device security. 
Widespread usage of Bluetooth among an ever-increasing number of devices makes it an attractive target for scammers. Stepping up oversight of Bluetooth-related activities and enhancing security measures related to the initial login from any new device can help CFIs make themselves a less attractive target for fraudsters, as can educating customers about the risks so that they, too, can help enhance overall security.