Yesterday, Politico opened its newsletter with an article on Vice President Kamala Harris’ aversion to using Bluetooth headphones. The VP was “Bluetooth-phobic,” the story claimed, “wary” of her AirPods and cautious with her technology use to an extent former aides described as “a bit paranoid.” Proof could be seen in her televised appearances: wires dangling from her ears in an interview with MSNBC’s Joy Reid or clutched in her hand during the famous “We did it, Joe” call.
But for a high-profile public official, this is a lot more reasonable than you might think. As security researchers were quick to point out, Bluetooth has a number of well-documented vulnerabilities that could be exploited if a bad actor wanted to hack, say, the second most powerful person in the US government.
The CVE Program lists 459 current and historic vulnerabilities involving Bluetooth
Some of these attacks come down to the basic mechanics of how the Bluetooth protocol works. With Bluetooth switched on, a phone, laptop or other smart device is constantly broadcasting a signal that can be detected by other devices in range — which provides an unnecessary vector for attack that can easily be eliminated by simply keeping Bluetooth off. Assuming Bluetooth is enabled, a smartphone user generally gets a prompt from any unknown device trying to connect. But in certain cases this can be skirted, as with one exploit that impersonates a trusted Bluetooth device already known to the user in order to connect to the phone, at which point the attacker can request or send data via Bluetooth.
(The complexity of this attack makes it unlikely to affect regular people, but for a figure like the VP — who is undeniably a high-value target for foreign surveillance attempts — there’s a non-zero chance of falling victim. It also affects both Android and Apple devices, the latter of which Harris appears to use.)
Other less severe Bluetooth attacks would let an attacker crash devices through denial of service, essentially overwhelming a phone with connection requests until the processor is unable to respond. Again, such attacks have previously affected both Android and Apple devices, although iPhones are considered to have a more secure implementation of Bluetooth.
In total, the CVE Program, which tracks cybersecurity vulnerabilities, lists 459 current and historic vulnerabilities that mention Bluetooth, suggesting that Kamala Harris is right to be wary. There’s a simple way to mitigate all of these attacks — disabling Bluetooth, sticking to wired headphones — but doing so means swimming against the technological current, and maybe looking like you can’t afford AirPods.
Still, Harris’ justified distaste for Bluetooth is a win for anyone who’s been met with skepticism for suggesting that hey, perhaps they want to carry around a ball of tangled headphone wires instead of connecting wirelessly via a decades-old protocol. If anyone should be shunning the latest technology in favor of the secure option, it’s the vice president.