The team’s research revealed that Bluetooth signals, which phones constantly emit, contain a unique fingerprint. They also expressed concern that hackers could potentially use this method to track a target’s movements.
How Can Someone ID and Track Devices with Bluetooth?
Most of our electronic devices, such as smartphones, smartwatches, and fitness trackers, constantly emit Bluetooth beacon signals. These signals enable various tracking services, including Covid contact tracing and Apple’s Find My Device and AirTag features, as well as connecting phones to wireless headsets. All of the devices mentioned above have inherent manufacturing imperfections, and it is these imperfections that make fingerprinting possible. The researchers at UC San Diego have developed an algorithm that “estimates two different values found in Bluetooth signals.” Their method allows them to find the device’s unique fingerprint. “This is important because in today’s world Bluetooth poses a more significant threat as it is a frequent and constant wireless signal emitted from all our personal mobile devices,” said Nishant Bhaskar, one of the UC San Diego researchers.
Researchers Conducted Real-World Experiments
Wireless fingerprinting is not a new concept and is already done with WiFi and other wireless technologies. However, those techniques rely on the WiFi signal’s preamble. Since Bluetooth beacons have a very short preamble, applying that approach to Bluetooth historically produced inaccurate fingerprints. The UC San Diego research team’s new technique, by contrast, can track Bluetooth beacons and detect a target device’s unique fingerprint. Furthermore, they have tested their tracking method in real-world experiments. In one experiment, they could uniquely identify 40% of the 162 mobile devices seen in a public area. The team also conducted a larger experiment in which they observed the mobile devices in a public hallway for two days. Of the 647 devices seen, they found the unique fingerprints of 47%.
Attackers Will Require High Degree of Expertise
Researchers said that potential attackers will face challenges in executing this hack. Factors such as ambient temperature and signal strength can affect the Bluetooth fingerprint and require the tracking method to be adjusted. The high degree of expertise needed to execute the technique could rule out any widespread attacks in the near future. However, the researchers also said a potential attack would work on a high number of smartphones and other devices, and that it can be carried out with equipment costing around $200. They also noted that turning off Bluetooth on a device does not stop it from emitting a Bluetooth beacon; the only way to stop the beacon is to power off the device itself. Since the problem lies in a manufacturing imperfection, resolving it would require redesigning and replacing the Bluetooth hardware. The researchers are currently working on a technique to hide Bluetooth fingerprints, but this would involve digital signal processing in the Bluetooth device firmware.
Bluetooth Exploits on the Rise
In recent months, several other high-profile Bluetooth hacks have come to light. In May, security researchers at the NCC Group found that a BLE hack could allow criminals to unlock and steal Tesla cars. That same month, a study found that the iPhone’s low power mode (LPM) leaves the device susceptible to a number of security risks. If you found this story interesting and want to learn more about Bluetooth security, check out our detailed guide on Bluetooth safety.