Using Bluetooth signals generated by smartphones, security researchers at the University of California San Diego have developed a method of identifying and tracking them via their smartphones.
During the team’s research, they found that Bluetooth signals, which are continuously being sent by phone, have a unique fingerprint that can be identified.
In addition, they also raised concerns that hackers could exploit this technology in order to track the locations of a target. As a result of this new technique, the current safeguards against telephone stalking could be bypassed easily.
There has been some research conducted before showing that wireless fingerprinting is present in wireless technologies such as WiFi. This type of tracking, as highlighted by the team from the University of California, San Diego, can also be done using Bluetooth as well with perfect accuracy.
Tracking Devices with Bluetooth
Bluetooth beacon signals are constantly emitted by most of the electronic devices we use every day. While all these devices are mainly:-
- Fitness trackers
Various types of tracking services can be performed using these signals, and here they are:-
- Covid contact tracing
- Apple’s Find My Device
- Connecting wireless headsets with your smartphone
It should be noted that all the above-mentioned devices have certain inherent manufacturing flaws. This is the reason why there is a chance of fingerprinting in these devices.
There are two different values found in Bluetooth signals, and they are estimated by the security experts at UC San Diego using an algorithm that they have developed. By using their process, they discover the unique fingerprint of each device.
Bluetooth is becoming more and more of a problem in the modern world because it is not only a wireless signal that emits a multitude of signals but also an ongoing one that is emitted continuously from smart devices.
WiFi and other wireless technologies are used to do wireless fingerprinting, and this is not a new concept. In all three cases, a WiFi signal depends on its preamble to perform the operation.
Due to the very short preamble of Bluetooth beacons, this technique has historically been unable to provide accurate fingerprinting results.
As a result of this new technique, Bluetooth beacons can be tracked and the unique fingerprint of a target device can be identified. As part of their experiments, the researchers have tested out this new tracking method in real-world situations as well.
Initial experiments were conducted on a small scale, where 40% of the total number of mobile devices (162) found in a public area were uniquely identified.
Also, the team conducted a large-scale experiment where they observed public hallways for two days in they observed mobile devices. A total of 647 devices were observed, and 47% of the unique fingerprints of the devices were identified.
There are many smartphones and other devices that can be targeted by such an attack. A typical attack of this kind will require around $200 worth of equipment and can be conducted on a wide range of gadgets.
In addition, the researchers noted that even when Bluetooth is turned off on a device, the device would emit Bluetooth beacons regardless. In order to stop the beacon from being broadcasted, the beacon itself must be turned off.
The Bluetooth hacks that have been made public in recent months have also exposed a number of other high-profile attacks.
The NCC Group findings on BLE hacks in May led researchers to conclude that criminals might be able to unlock and steal Tesla cars if they were using this hack.