Researchers demonstrate how Bluetooth can be used to track mobile devices
All wireless devices have minor manufacturing imperfections in their hardware that are unique to each device. These imperfections are an accidental byproduct of the Bluetooth hardware manufacturing process, and they leave unique artifacts in the transmitted signal that act as a fingerprint and can be used to track a specific device.
A team of researchers has succeeded in showing for the first time that these Bluetooth signals, constantly emitted by our mobile phones, can be used to track people’s movements.
How Bluetooth can be used to track a mobile device
Mobile devices, including phones, smart watches, and fitness trackers, constantly transmit signals, known as Bluetooth beacons, at a rate of about 500 per minute. These signals enable features such as lost-device tracking services and COVID-19 tracing apps, and they connect smartphones to other devices, such as wireless headsets.
Previous research has shown that wireless fingerprinting exists in WiFi and other wireless technologies. A team from the University of California, San Diego wanted to show that this form of tracking could also be done very accurately over Bluetooth.
“This is important because in today’s world, Bluetooth poses a more significant threat as it is a frequent and constant wireless signal emitted from all of our mobile devices,” said Nishant Bhaskar, a Ph.D. student in the UC San Diego Department of Computer Science and Engineering and one of the paper’s lead authors.
In the case of Bluetooth specifically, fingerprinting would allow an attacker to bypass anti-tracking techniques, such as constantly changing the address a mobile device uses to connect to Internet networks.
Tracking individual devices via Bluetooth is not easy. Previous fingerprinting techniques created for WiFi rely on the fact that WiFi signals include a long, known sequence called a preamble. But the preambles of Bluetooth beacon signals are extremely short.
“The short duration gives an inaccurate fingerprint, which makes previous techniques useless for Bluetooth tracking,” said Hadi Givehchian, also a Ph.D. in computer science from UC San Diego, who is listed as the paper’s lead author.
To get around this limitation, the researchers devised a new method that does not rely on the preamble but instead analyzes the entire Bluetooth signal. They developed an algorithm that estimates two different values found in Bluetooth signals. These values vary with defects in the Bluetooth hardware, giving the researchers the device’s unique fingerprint.
The research team evaluated their tracking method in several experiments. In the first, they found that 40% of 162 mobile devices seen in public areas, for example coffee shops, were uniquely identifiable. They then extended the experiment and observed 647 mobile devices in a public hallway over two days. The team found that 47% of these devices had unique fingerprints. Finally, the researchers demonstrated an actual tracking attack by fingerprinting and tracking a mobile device owned by a study volunteer as he entered and left his home.
Challenges and Solutions for Identified Security Issues in Bluetooth Technology
The findings of the study are alarming. However, several factors can change the picture in specific cases. For example, changes in ambient or device temperature can alter the Bluetooth fingerprint. In addition, devices that can adjust the power of their transmissions can make tracking more difficult.
Furthermore, the researchers note in their study that the tracking method described requires an attacker to have a high degree of experience, so it is unlikely to be a widespread threat to the public today.
The solution that addresses the root of the problem is to do without the Bluetooth hardware. However, that is not really feasible, given the very large number of devices that depend on this technology today. Even so, the researchers believe that solutions that are easier to implement can be found.
Now the team is working on developing a method to hide Bluetooth fingerprints by processing digital signals in the firmware of the Bluetooth device. Also, they are exploring whether the developed method could be applied to other types of devices.
The researchers noted that disabling Bluetooth doesn’t necessarily stop all phones from emitting the Bluetooth beacons described above. For example, signals are still emitted when Bluetooth connectivity is turned off from the control center on the home screen of some Apple devices. “As far as we know, the only thing that stops Bluetooth beacons is turning off your phone,” Bhaskar said.
Despite the concerns this research raises, its authors emphasize that the tracking is limited to just that: identifying devices as such, while they are turned on. With this method, it is not possible to obtain any further information about the devices’ owners or the content stored on them.