Researchers discover that smartphone Bluetooth signals can allow tracking of users

Deepak Gupta June 12, 2022
Updated 2022/06/12 at 9:45 AM

A team of engineers from the University of California at San Diego has demonstrated for the first time that the Bluetooth signals constantly emitted by our mobile phones have a unique fingerprint that can be used to monitor and track the movements of individuals.

The idea of using Bluetooth beacons for less “orthodox” purposes has been raised several times. However, only now have researchers demonstrated, for the first time, that it is feasible to track individuals this way.

Your smartphone can "report" where the user has been

Mobile devices, including phones, smartwatches, and fitness bands, constantly transmit signals, known as Bluetooth beacons, at a rate of approximately 500 beacons per minute. These enable features such as the "Find My" lost device tracking service of Apple's Find My network and COVID-19 tracking applications, and allow smartphones to connect to other devices such as wireless headphones.

Previous investigations had already shown that wireless fingerprints exist in WiFi and in other wireless technologies. The key insight of the UC San Diego team was that this form of monitoring can also be done using Bluetooth, in a highly accurate way.

"This is important because in today's world Bluetooth poses a more significant threat as it is a frequent and constant wireless signal emitted by all our personal mobile devices," explained Nishant Bhaskar, a master's student in the Department of Computer Science and Engineering at UC San Diego and one of the main authors of the article.

The team, which includes researchers from the Departments of Computer Science and Engineering and Electrical and Computer Engineering, presented their findings at the IEEE Security & Privacy conference in Oakland, California, on May 24, 2022.

Imperfections that provide unique Bluetooth identification

All wireless devices have minor hardware manufacturing imperfections that are unique to each device. These fingerprints are an accidental by-product of the production process. These imperfections in Bluetooth hardware result in unique distortions, which can be used as a fingerprint to track a specific device.

For Bluetooth, this would allow an attacker to circumvent anti-monitoring techniques, such as constantly changing the address a mobile device uses to connect to Internet networks.

Tracking individual devices via Bluetooth is not straightforward. Previous fingerprinting techniques created for WiFi rely on the fact that WiFi signals include a long known sequence called a preamble. But the preambles for Bluetooth beacon signals are extremely short.

Instead, the researchers designed a new method that does not rely on the preamble, but analyzes the entire Bluetooth signal. They developed an algorithm that estimates two different values found in Bluetooth signals. These values vary depending on defects in the Bluetooth hardware, giving investigators the unique fingerprint of the device.

Real-world experiments

The researchers evaluated their tracking method through several real-world experiments. In the first experiment, the group found that 40% of 162 mobile devices seen in public areas such as cafes were uniquely identifiable.

Then they extended the experiment and observed 647 mobile devices on a public road for two days. The team found that 47% of those devices had unique fingerprints. Finally, the researchers demonstrated an actual monitoring attack, using fingerprints to follow a mobile device owned by a study volunteer as they entered and left their home.

Bluetooth: Is this discovery worrying?

While this finding may sound worrisome, the researchers also uncovered several challenges an attacker will face in practice. Changes in ambient temperature, for example, can change the Bluetooth fingerprint. Certain devices also send Bluetooth signals with different strengths, and this affects how far away these devices can be tracked.

Experts also note that their method requires an attacker to have a high degree of experience, so it is unlikely to be a widespread threat to the public today.

Despite the challenges, the group found that Bluetooth tracking is likely to be feasible for a large number of devices. It also does not require sophisticated equipment: the attack can be carried out with equipment that costs less than 200 euros.

iPhone Control Center Image

When you enable or disable Wi-Fi or Bluetooth using the corresponding buttons in Control Center, the device immediately disconnects from Wi-Fi and Bluetooth accessories. However, Wi-Fi and Bluetooth will continue to be available so you can use AirDrop, AirPlay, Apple Pencil, Apple Watch, Continuity features such as Handoff and Instant Hotspot, Location Services and Unlock with the Apple Watch.

So how can the problem be fixed?

Fundamentally, the Bluetooth hardware would have to be redesigned and replaced. But researchers believe that other, easier solutions can be found. The team is currently working on a way to hide Bluetooth fingerprints through digital signal processing in the Bluetooth device firmware.

Those responsible for this study are also exploring whether the method they developed can be applied to other types of devices. Furthermore, they noticed that just turning off Bluetooth may not necessarily stop all phones from emitting Bluetooth beacons. For example, beacons are still emitted when turning off Bluetooth in Control Center on the home screen of some Apple devices.

"As far as we know, the only thing that definitely prevents Bluetooth beacons is turning off your phone," said Bhaskar.

Despite all that has been revealed, investigators are careful to say that while they can track individual devices, they cannot get any information about device owners.

The study was reviewed by the Campus Internal Review Board and the campus council.
