Are Bluetooth Keyboards Secure? (Solved and Explained)
This site contains affiliate links to products, and we may receive a commission for purchases made through these links.
In a nutshell, if you buy a Bluetooth keyboard from a reliable manufacturer and set up and use it correctly, there is nothing to worry about.
However, there are certain things that you can do for your own peace of mind, like use memory chips with enabled read-back protection features, for example.
Looking for more tips on how to make your Bluetooth keyboard even more secure? I will share a few pieces of advice further on.
But first, letโs have a closer look at how these things even work.
How Does Bluetooth Work?
What can be more annoying than trying to figure out which wire goes where? Possibly, attempting to untangle headphone cords.
Thankfully, with the development of technologies, we started using fewer wires and now we have one reason less to be stressed out.
But enough of the drama. How does Bluetooth, one of the most popular wireless connections, work?
It is a radio-wave technology that can be compared to radios, cordless telephones, and Wi-Fi. The biggest difference is that people can use Bluetooth to communicate over very short distances. And thatโs typically around 30 feet.
There are more powerful devices that can get the job done even in a radius of 330 feet, but ordinary consumers rarely use such technology.
Bluetooth has 79 available channels on a frequency band between 2.402 and 2.480 GHz. These frequencies have been reserved specifically for use by medical, industrial, and scientific gadgets.
The fact that Bluetooth technology can switch between 79 channels actually improves the gadgetsโ security. Shifts are made thousands of times per second. However, initially, that was done to ensure that the connection doesnโt interfere with other appliances (and security came as a bonus).
The main pros of Bluetooth are that it uses little power and that itโs a great way to link devices in an ad hoc way (one gadget becomes the โmasterโ, while the other is a โslaveโ).
Bluetooth technology is also constantly evolving, but, unfortunately, so are the ways of hacking into the network.
What Types of Keyboards Are There?
Just to quickly remind you โ a Bluetooth keyboard is a wireless keyboard. But not every wireless keyboard is a Bluetooth one.
Wireless options also include infrared and 2.4 GHz Wi-Fi models.
All these keyboards need batteries, have a limited range, and can be sensitive to interference. There are models that also come with a mouse as part of the wireless package. Some keyboards are compatible with other devices, for example, TVs.
Bear in mind that experts consider the Bluetooth type to be the most secure wireless keyboard.
Is Bluetooth Secure?
To be completely honest, a wireless connection is always less secure. The good-old wires make it more challenging to crack the communication.
You might have heard plenty of horror stories about hackers and Bluetooth technology. Bluebugging, bluejacking, and bluesnarfing are actually a thing.
Those are types of attacks that use Bluetooth links. A hacker might take control over the computer or smartphone and be able to view personal data.
Bluesnarfing is about getting private information, while bluejacking involves sending ads and other messages onto other gadgets. Bluebugging simply takes advantage of any security vulnerabilities that your device might have.
But donโt worry. Firstly, a lot of devices are already released with a defense against such attacks. Secondly, the attacks might require you to physically establish a connection with an unknown device (and you certainly wouldnโt do that, right?). Thirdly, the hacker has to be relatively close to you as Bluetooth works on short distances.
Are Bluetooth Keyboards Secure? Here Are Some Test Results
Now, letโs focus on keyboards.
In this study, three different Bluetooth keyboards were put at test โ 1byone keyboard, Logitech K480, and Microsoft Designer Bluetooth Desktop Keyboard.
The best thing about the research is that different attacker perspectives were considered. The first โhackerโ didnโt have physical access to the device, while the second one had such an opportunity.
Here are the studyโs main extracts:
- If a hacker has direct physical access to your Bluetooth keyboard, he can easily get his hands on any information. The students analyzed the hardware design and configuration and found out that the Bluetooth link key, for example, was stored as plain text on an EEPROM chip in the first two keyboards.
A professional wouldnโt have any trouble getting his hands on the sensitive data from the third keyboard as well. Conclusion: if a hacker has a chance to literally take your Bluetooth keyboard apart, he will have access to all sensitive information that the person can use to perform further attacks. - A problem with Bluetooth devices is that they remember their previous connections. So, it is possible for a hacker to establish a connection with your computer or smartphone, if you have lost your keyboard that has been connected to the device. The same can happen if you decide to sell your headphones or keyboard.Conclusion: the hacker can extract the Bluetooth address and link key from a device that you have lost or sold. In such a way, he will get access to the host system.
Fun fact: the researchers โturnedโ the headphone that they found into a keyboard and the โmasterโ didnโt pay any attention to this fact (as long as the Bluetooth address stays the same, you can change the deviceโs name and even product ID).
- In 2017, Armis Inc. discovered plenty of security issues in Bluetooth host stacks. They also published technical white papers that have all the necessary information to perform an attack. This was done so that the companies could update their devices. However, these documents can still be used to gather data from some gadgets. Conclusion: with the help of BlueBorne, hackers can gather data from different devices. The great news is that it wonโt be possible with the manufacturers that decided to fix the security issues. But not all Android manufacturers, for example, are making the necessary changes.The researchers managed to hack a device with an Android version 6.0.1, but a tablet with an Android version 5.1.1 was safe.
- Some devices that use Bluetooth Low Energy (prior to version 4.2) are vulnerable to eavesdropping. Basically, a hacker can sniff the communication of the Bluetooth keyword during the pairing process and figure out the Long Term Key.Conclusion: the Microsoft Designer Keyboard is the only one from the experiment that uses Bluetooth Low Energy (the other two use Bluetooth Classic). It has been proved that the keyboard is vulnerable to eavesdropping, but the hacker has to be right next to you during the pairing process.
How to Make Your Bluetooth Keyboard More Secure?
Despite all the issues mentioned above, Bluetooth keyboards are actually relatively secure. There are just a few things that you have to keep in mind when utilizing practically any Bluetooth device.
- Make sure that all users are aware of their security-related responsibilities. If itโs only you with your computer and keyboard, you should still educate yourself on the topic.
- Always change the default settings. The default device name, for example, can reveal the platform type and you certainly donโt want to make things easier for the hackers, right?
- Set the device to the lowest necessary power level. Avoid any Class 1 devices and external amplifiers. Basically, you would want to make sure that the connection works within one single room.
- We all know this rule, but rarely follow it โ your PIN code has to be as random as possible. Come up with a long code that has both numerals and letters. An โall zerosโ password wonโt stop a person with bad intentions.
- Donโt use the โJust Worksโ association model. If there are other models available (Numeric Comparison, Passkey Entry, Out of Band), choose one of them as they provide MITM protection (man-in-the-middle attacks include eavesdropping).
- Use a security mode that is available for your Bluetooth device (Security Mode 3 provides the best security).
- Configure your device by default as undiscoverable. No one will be able to see your Bluetooth device except for when you actually need the gadget to be discovered.
- Require mutual authentications for all connections.
- When Bluetooth is not in use, disable it.
- Pair your keyboard with other devices only in a secure environment โ a non-public area away from windows.
- You can go the extra mile and keep a list of all Bluetooth-enabled devices and addresses (a BD_ADDR is a unique identifier that has been assigned to every Bluetooth gadget).
If you have lost your keyboard or sold it and totally forgot to โcleanโ it, use the โremove deviceโ button on your computer that is usually in the Bluetooth settings.
Wow, it looks like you would have to consider a lot of stuff when using your Bluetooth keyboard. The chances are high that nothing bad will happen, even if you forget about all these precautions.
But if you are the kind of person who values his peace of mind and security, then I hope you found this checklist helpful.
How to Choose a Secure Bluetooth Keyboard?
I have already mentioned that not all Bluetooth devices are made the same. Some are more secure, while other manufacturers donโt pay as much attention to such things.
So, what exactly should you bear in mind when choosing a new Bluetooth keyboard?
- Unlike other wireless keyboards, the Bluetooth ones incorporate encrypted communication. That means that everything that you are typing wonโt be transmitted to the computer as plain text. This helps prevent eavesdropping.
Simply make sure that your Bluetooth keyboard is using the AES encryption algorithm. - Some models take it even farther. The more expensive keyboards do not use the 2.4 GHz range.
- The chances are high that you wonโt need a keyboard that can work on a long distance. So, choose the ones that you can use in a radius of 30 feet.
- Go for the devices that have been recently updated and use the most up-to-date Bluetooth technology. Donโt use the ones before the Bluetooth version 2.1.
- For some extra security, use memory chips with enabled read-back protection features. Even if you leave your keyboard somewhere or sell it and forget to erase any security-related data, such a chip will help make sure that a hacker is not able to extract the sensitive data and gain access to your computer.
All these pieces of advice might be unnecessary for a person who works from home. But if you tend to work in an office or take your Bluetooth keyboard to a public place, then you should definitely consider getting a high-quality Bluetooth keyboard.
READ MORE: Are Bluetooth Devices allowed on planes? (Solved)
Conclusion
Running a computer firewall and having antivirus protection is something that we are all used to. However, not many of us consider securing the wireless connection as well. Furthermore, we rarely think about safety when choosing a computer mouse or a keyboard.
So, are Bluetooth keyboards secure?
No worries. These devices are relatively secure on their own. But there are always a few precautions that you can take (just in case):
- Disable the technology when youโre not using it.
- You can use the device in โhiddenโ mode so that other Bluetooth technology wonโt be able to discover your keyboard.
- Take advantage of the security settings that the company offers. Ensure that all connections require a password; learn more about encryption and authentication.
- Use devices from reliable manufacturers and not the ones that have Bluetooth versions before version 2.1.
- Update the device regularly.
- Be aware of the environment you are in. Simply be a bit more cautious when in a public hotspot, for example.
This was a quick sum-up of everything in regard to the security of your Bluetooth keyboard.
If you manage to follow the easy guidelines mentioned above, youโll have nothing to worry about and you will finally be able to enjoy all the amazing pros that a wireless keyboard has to offer โ no long wires to trip over and, if you think about it, the ability to use the keyboard at a distance longer than many cables.
Good luck and stay safe!
Espen
Espen is the Director of ProPairing and has written extensively about Bluetooth devices for years. He is a consumer product expert and has personally tested Bluetooth devices for the last decade.