A team of engineers at the University of California, San Diego has demonstrated for the first time that the Bluetooth signals constantly emitted by our cell phones have a unique fingerprint that can be used to monitor and track an individual’s movements.
The hypothesis that Bluetooth beacons could be used for less “orthodox” purposes has been put forward several times. Now, however, researchers have demonstrated for the first time that tracking individuals this way is feasible.
Your smartphone can 'report' where users have been
Mobile devices, including cell phones, smartwatches, and fitness bands, continuously transmit signals, called Bluetooth beacons, at a rate of about 500 beacons per minute. These beacons enable features such as Apple's "Find My" lost-device tracking service and COVID-19 tracking apps, and allow smartphones to connect to other devices such as wireless headphones.
In previous investigations, it has been possible to identify wireless fingerprints in WiFi networks and other wireless technologies. The key takeaway from the UC San Diego team is that this form of monitoring can also be done in a highly accurate manner using Bluetooth.
"This is important because in today's world, Bluetooth poses an even greater threat because it is a frequent and constant wireless signal from all of our personal mobile devices," explains Nishant Bhaskar, a master's student in the Department of Computer Science and Engineering at UC San Diego and one of the paper's lead authors.
The team, which includes researchers from the Departments of Computer Science and Engineering and Electrical and Computer Engineering, presented their findings at the IEEE Conference on Security and Privacy in Oakland, California, on May 24, 2022.
Defects that provide unique Bluetooth identification
All wireless devices have minor manufacturing defects in their hardware, and these defects are unique to each device. They are an accidental by-product of the production process. In Bluetooth hardware, these flaws cause unique distortions that can be used as fingerprints to track specific devices.
For Bluetooth, this would allow attackers to bypass anti-surveillance techniques, such as constantly changing the address that mobile devices use to connect to Internet networks.
Tracking individual devices via Bluetooth is not straightforward. Fingerprinting techniques previously created for WiFi rely on the fact that WiFi signals include a long, known sequence called a preamble. The preamble of a Bluetooth beacon signal, however, is very short.
The researchers therefore devised a new method that does not rely on preambles but instead analyzes the entire Bluetooth signal. They developed an algorithm that estimates two distinct values in a Bluetooth signal. These values vary due to flaws in the Bluetooth hardware, giving the researchers a unique fingerprint of the device.
Real-world experiments
The researchers evaluated their tracking method through several real-world experiments. In the first experiment, the team found that 40% of 162 mobile devices seen in public places such as cafes were uniquely identifiable.
They then expanded the experiment and observed 647 mobile devices on public roads over two days. The team found that 47 percent of these devices had unique fingerprints. Finally, the researchers demonstrated an actual surveillance attack that used fingerprints to track mobile devices owned by study volunteers as they moved in and out of their homes.
Bluetooth: Is this discovery worrisome?
While this finding may be concerning, the researchers also uncovered several challenges that attackers will face in practice. Changes in ambient temperature, for example, can change the Bluetooth fingerprint. Some devices also send Bluetooth signals at different strengths, which affects the distance over which these devices can be tracked.
Experts also point out that their method requires a high degree of expertise on the attacker's part, so it is unlikely to be a widespread threat to the public today.
Despite the challenges, the team found that Bluetooth tracking could be feasible for a large number of devices. It also doesn't require complex equipment: attacks can be carried out using equipment costing less than 200 euros.
So how to solve this problem?
Fundamentally, Bluetooth hardware would have to be redesigned and replaced. But the researchers believe other, simpler solutions can be found. The team is currently working on a way to hide Bluetooth fingerprints through digital signal processing in the firmware of Bluetooth devices.
Those in charge of the research are also exploring whether the method they developed could be applied to other types of devices. Furthermore, they noticed that just turning off Bluetooth won't necessarily stop all cell phones from emitting Bluetooth beacons. For example, beacons are still emitted when Bluetooth is turned off in Control Center on the Home screen of some Apple devices.
As far as we know, the only thing that stops the Bluetooth beacons is turning off the phone.
Despite these findings, the researchers are careful to say that while they can track individual devices, they are unable to obtain any information about the devices' owners.
The research was reviewed by the Campus Internal Review Committee and the Campus Council.