But apply every patch you can, and keep Bluetooth off when you're not using it. You can't control if and when devices get patched for newly discovered Bluetooth vulnerabilities, and you're probably not going to stop using Bluetooth altogether just because of some possible risks. "Attacks against improperly secured Bluetooth implementations can provide attackers with unauthorized access to sensitive information and unauthorized use of Bluetooth devices and other systems or networks to which the devices are connected," the National Institute of Standards and Technology noted in its extensive May "Guide to BluetoothSecurity" update. But attacks like BlueBorne that affect individual implementations of Bluetooth are attracting attention as well. The importance of Bluetooth defense has become increasingly clear, and the Bluetooth Special Interest Group, which manages the standard, has focused on security (particularly cryptography upgrades) in recent versions. And if you use it 24/7 on your phone because of a peripheral like a smartwatch, you can at least turn it off on your other devices, especially any Bluetooth-enabled internet of things gear. Even if you lean on it all day at work, you can ditch it at a birthday dinner or when you're asleep.
But you likely don't use Bluetooth most of the time. You might end up flipping the switch fairly often to use Bluetooth headphones. There might be some inconvenience when you bring your laptop to your desk and want it to connect to a Bluetooth mouse and keyboard. So, yeah, turn off Bluetooth if you're not using it or if you're near anyone you don't trust. Windows, Android, Linux, and iOS have been vulnerable to BlueBorne in the past. The flaws aren't in the Bluetooth standard itself, but in its implementation in all sorts of software.
That includes an attack called BlueBorne, announced this week by the security firm Armis, which would allow any affected device with Bluetooth turned on to be attacked through a series of vulnerabilities.
Minimizing your Bluetooth usage minimizes your exposure to very real vulnerabilities. Whenever you don't absolutely need it, you should go ahead and turn it off. It's a calculated risk, and the benefits generally make it worthwhile. But there are lots of digital entrances that you leave open all the time, such as Wi-Fi and your cell connection. You intuitively know why you should bolt your doors when you leave the house and add some sort of authentication for your smartphone.