Cybersecurity: Weaponizing the Smartphone Accessories We Use Everyday

September 30, 2021 - 6 minutes read


Nowadays, we constantly hear about new data breaches that victimize hundreds of thousands of unsuspecting people. In fact, in 2020 alone there were nearly 4,000 publicly disclosed data breaches with over 37 billion compromised records as a result. And, whether it’s a simple phishing attempt or a full-blown ransomware attack, the consequences can be catastrophic for both an organization and its consumers. As companies cross-country struggle to ensure the resilience and protection of client-sensitive data, as a  Seattle-based app developer, we’re looking to put an end to software-based threats.

Interestingly enough, a large part of society has a tendency to believe that data breaches and cyber attacks stop at IoT devices such as smartphones and laptops. However, this simply is not true. Rather, cyber attacks can occur on nearly any device or gadget that has the ability to digitally connect to an IoT device, which we will explain in further detail throughout this article. 

For the time being, however, we want you to think about all of the wireless devices you use with either your smartphone or laptop. In other words, think about all of the gadgets you use that operate via Bluetooth. It’s probably quite a few, right? 

Well, what if we told you that each of these devices has the potential to be “hacked” and exploited by cyber criminals? The sad reality is that even devices which don’t have direct internet capabilities are still vulnerable to cyber attacks.

Throughout this article we will highlight a couple of Bluetooth gadgets that have become “hot targets” for hackers due to vulnerabilities discovered within these devices. With these examples, we hope to inform and expand the security awareness surrounding these devices, and call attention to the threats they can face when left unchecked. 

Apple’s AirTag Used as a Trojan Horse

For those who may be unfamiliar with the Apple AirTag, it’s a small tracking device designed to be attached to personal objects such as car keys or a wallet. In essence, this device works by sending periodic messages that can be used to track these objects from your iPhone. Likewise, if a “good samaritan” finds this object, they can simply scan the AirTag with their smartphone and it will provide them with a number to contact the owner.  

Pretty cool, right?

However, it’s recently been discovered that even Apple’s AirTags are susceptible to foul play. How so? Well, when an AirTag is set to “Lost Mode” this generates a unique URL that allows the owner to submit a message and phone number, viewable by anyone who finds and scans the device.

The issue with this concept is that Apple doesn’t prohibit the injection of malicious code into the phone number field. Consequently, the “good samaritan” who finds the AirTag may be wheeling in a Trojan Horse attack designed to send them to a phony website, ultimately compromising their personal data. 

Now, Apple is pretty solid when it comes to zero-day flaws, so they’re well aware of this vulnerability and are actively patching it. However, this is just one example of how even the accessories we use for our smartphones can be turned into digital weapons by hackers trying to steal our private info.

Are Your Bluetooth Headphones Spying on You?

Don’t you just hate it when you’re listening to your favorite song on your bluetooth headphones and then all of a sudden the station changes? Well, even though this is annoying, it’s probably the result of a lesser issue than exploitation. However, a recent study shows that bluetooth headphones aren’t immune to digital foul play. 

In this study the researcher was able to intercept over 1.7 billion Bluetooth messages from 9,000 bluetooth transmitters and 129 headsets, all with easily accessible equipment. But, how were they able to track these devices? Interestingly enough, many bluetooth devices including headphones still use a static, or fixed MAC address making them incredibly easy to track.

Similarly, a recent revelation of 16 security vulnerabilities poses a significant threat for millions of Bluetooth-enabled devices including laptops, smartphones and IoT devices. Formally known as “BrakTooth”, this set of vulnerabilities can crash the affected BT devices with DoS attacks, or even deadlock them via the injection of malicious code. And yes, this includes those Bluetooth headphones we’ve been talking about. 

Even though we don’t often think of smartphone accessories as being a potential target for hackers, it’s important to note that malicious entities will exploit anything that they can gain physical or digital access to. Therefore, it’s vital that we remain security-minded when using anything from smartphones, to gadgets as simple as our wireless headphones.

Here at Dogtown Media, we’re dedicated to helping our clients navigate the ever-evolving considerations around cybersecurity. With over ten years of app development for businesses of all sizes and industries, we are confident we can ensure your apps are protected and resilient from today’s most sophisticated attacks.

Tags: , , , , , , , , , , , , , , , ,