Introduction
Bluetooth is on every device you own — your phone, your laptop, your headphones, your smartwatch, your car, your keyboard. Most people leave it enabled 24/7 and never think about it. But Bluetooth is a radio protocol, and radio signals don't stop at your pocket. Your devices are constantly broadcasting their presence to anyone within range — and that range is bigger than you think.
Over the years, researchers have discovered a parade of serious Bluetooth vulnerabilities: BlueBorne, KNOB, BIAS, BLURtooth, BLESA, BrakTooth, and more. Each one demonstrates that the wireless protocol connecting your most personal devices has fundamental security weaknesses that affect billions of devices worldwide.
How It Works
Bluetooth operates in the 2.4 GHz ISM band and uses a discovery and pairing process to establish connections. Even when not actively paired, devices in discoverable mode broadcast their name, device class, and services. Some devices broadcast even in "non-discoverable" mode — their MAC address can still be detected by active scanning.
BlueBorne (2017) was a set of eight zero-day vulnerabilities affecting Android, iOS, Windows, and Linux. It allowed attackers to take over devices, spread malware, and intercept communications — all without any user interaction or pairing. An attacker simply needed to be within Bluetooth range (up to 30 feet, more with directional antennas).
The KNOB attack (Key Negotiation of Bluetooth, 2019) exploited a flaw in the Bluetooth protocol itself, forcing devices to negotiate an encryption key as short as one byte. A one-byte key has only 256 possible values and can be brute-forced almost instantly, so this effectively disabled encryption, allowing an attacker to eavesdrop on all Bluetooth communications between the paired devices.
BrakTooth (2021) exposed 16 vulnerabilities across commercial Bluetooth stacks used in over 1,400 product listings. Attacks ranged from denial of service (crashing devices) to arbitrary code execution. Affected products included laptops, smartphones, audio devices, and industrial equipment.
Bluetooth tracking is another concern. Apple AirTags, Tile trackers, and similar devices use Bluetooth Low Energy (BLE) to broadcast their location. Researchers have demonstrated that BLE advertising packets can be used to track individuals over time, even without dedicated tracking hardware — the unique advertising patterns of your devices serve as fingerprints.
The Impact
Bluetooth vulnerabilities affect billions of devices. BlueBorne alone potentially impacted 5.3 billion devices. Many of these devices — especially IoT devices, older cars, and embedded systems — will never receive patches. They'll remain vulnerable for their entire operational lifetime.
The tracking implications are equally concerning. Researchers at UC San Diego demonstrated that Bluetooth Low Energy signals from phones, smartwatches, and fitness trackers have unique fingerprints caused by manufacturing imperfections in the radio hardware. These fingerprints can be used to track individuals even when the device rotates its MAC address.
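MAC address rotation only helps if a device actually uses a rotating (private) address type. As an added example that is not part of the original article, this Python sketch audits a scan of your own devices: it classifies each BLE advertiser address by type and flags devices whose address stayed fixed across the observation window. The log format, device names and the 30-minute window are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample: (seconds since start, address, address is random?, device label)
# as recorded on your own test bench, where you know which device sent what.
SCAN_LOG = [
    (0,    "C4:7A:11:22:33:44", True,  "fitness-band"),
    (900,  "C4:7A:11:22:33:44", True,  "fitness-band"),
    (1800, "C4:7A:11:22:33:44", True,  "fitness-band"),
    (0,    "5B:10:9E:00:12:34", True,  "phone"),
    (900,  "62:AA:01:55:66:77", True,  "phone"),
    (1800, "4F:3C:88:99:AA:BB", True,  "phone"),
    (0,    "00:1A:7D:DA:71:13", False, "headset"),
    (1800, "00:1A:7D:DA:71:13", False, "headset"),
]

def classify_address(addr: str, is_random: bool) -> str:
    """Classify a BLE device address by the Core Specification address types."""
    if not is_random:
        return "public"                          # fixed, IEEE-assigned
    top_bits = int(addr.split(":")[0], 16) >> 6  # two most significant bits
    return {0b11: "static-random",               # fixed at least until power cycle
            0b01: "resolvable-private",          # rotates, resolvable with the IRK
            0b00: "non-resolvable-private",      # rotates, not resolvable
            0b10: "reserved"}[top_bits]

def audit(log, min_window=1800):
    """Per device: address types seen, and whether one address persisted min_window s."""
    seen = defaultdict(lambda: defaultdict(list))  # label -> address -> [timestamps]
    kinds = defaultdict(set)
    for ts, addr, is_random, name in log:
        seen[name][addr].append(ts)
        kinds[name].add(classify_address(addr, is_random))
    report = {}
    for name, addrs in seen.items():
        longest = max(max(t) - min(t) for t in addrs.values())
        report[name] = {
            "address_types": sorted(kinds[name]),
            "distinct_addresses": len(addrs),
            "trackable_by_address": longest >= min_window,
        }
    return report

if __name__ == "__main__":
    for name, r in audit(SCAN_LOG).items():
        print(name, r)
```

A device reported as not trackable by address can still be identified by the radio-hardware fingerprinting described above; this check only covers the address itself.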
How to Protect Yourself
The most effective protection: turn off Bluetooth when you're not actively using it. Modern phones make this easy with quick settings toggles. If you need Bluetooth for headphones or a smartwatch, turn it off when you're in public spaces where the risk is higher.
Keep your devices updated. Many Bluetooth vulnerabilities have been patched in OS updates — but only if you install them. Remove old Bluetooth pairings you no longer use. Don't accept pairing requests from unknown devices. If your device supports it, use Bluetooth 5.0 or later, which includes improved security features.
For high-security environments, consider using wired alternatives where possible. A wired keyboard can't be sniffed over Bluetooth. Wired headphones don't broadcast your presence.
The Bigger Picture
Bluetooth was designed for convenience, not security. It was meant to wirelessly connect devices over short distances — a simple replacement for cables. But as Bluetooth has been embedded into billions of devices and tasked with increasingly sensitive functions (unlocking cars, processing payments, tracking health data), its security limitations have become a serious liability. Every device with Bluetooth enabled is a radio transmitter broadcasting to the world. The question isn't whether Bluetooth has vulnerabilities — it's how many more haven't been found yet.