Although recent research found that Bluetooth signals contain distinctive fingerprints that cybercriminals can follow, exposing a user’s position and perhaps much more, Bluetooth may make digital products easier to operate. Around 500 Bluetooth beacons are sent out every minute by mobile devices like smartphones, smartwatches, and fitness trackers. These beacons make possible features like lost device tracking service, COVID-19 tracing applications, and connecting smartphones to other devices like wireless earphones. Your smartphone continually sends Bluetooth Low Energy signals even when it is not related to another Bluetooth device. According to recent reports, it would be feasible for someone else to follow your location by analyzing those signals. Regardless of its brand and model, your phone’s BLE chip has minor flaws that give the signal a unique fingerprint. Only one particular chip has that fingerprint.
The experts at the University of California, San Diego, found that the continual Bluetooth signals our cellphones send leave the gadget open to misuse. This groundbreaking study found that Bluetooth signals give users a distinct fingerprint that can be tracked along with their movements and location. All wireless devices have minor hardware manufacturing imperfections that are unique to each wireless device. The manufacturing procedure unintentionally produced these fingerprints. These flaws in Bluetooth technology make distinctive distortions that may be used as a fingerprint to identify a particular device. Bluetooth enables an attacker to get beyond countermeasures, often altering a mobile device’s Internet network connection address.
Bluetooth tracking of specific devices is not simple. Prior WiFi fingerprinting methods depend on the fact that WiFi signals contain a lengthy recognized sequence known as the preamble. However, Bluetooth beacon signal preambles are incredibly condensed. Instead, the researchers created a brand-new approach that considers the entire Bluetooth signal rather than just the preamble. They created an algorithm that estimates two various Bluetooth signal levels. These numbers change according to Bluetooth hardware flaws, providing researchers with the specific fingerprint of the device.
During field experiments, the researchers could recognize several distinct BLE fingerprints from phones in congested public spaces and follow a volunteer holding a phone as they entered and exited their home. Nevertheless, there are a few drawbacks to the tracking method. The receiver must be within the BLE signal’s physical range, often no more than 30 feet (9 m). The technique would also need a substantial degree of technological know-how on the part of the tracking person. Finally, changes in variables like the surrounding temperature might change the signal’s recognizable features.
According to researchers, it will be difficult for future attackers to carry out this breach. Any mass attacks may be impossible due to the high knowledge required to use the approach. The Bluetooth fingerprint can be impacted by variables like the outside temperature and signal strength, necessitating a change in the tracking strategy. Also, according to researchers, a prospective attack would be effective against a large number of cell phones and other gadgets. Additionally, it may be performed using $200 worth of equipment. The researchers also discovered that a device could continue broadcasting Bluetooth beacons even after Bluetooth has been turned off. The beacon could only be turned off by turning off the gadget itself.
So how can the issue be resolved? Hardware for Bluetooth would need to be fundamentally redesigned and upgraded. However, the researchers think there may be alternative, more straightforward methods. The team is developing a technique to use digital signal processing in the Bluetooth device firmware to conceal Bluetooth fingerprints. Researchers are also looking at the possibility of using their approach with different gadgets. Researchers are cautious to note that while they can monitor specific devices, they cannot learn anything about the owners of those devices.
