“Every form of communication today is wireless and risky.”
SAN DIEGO - Bluetooth can make digital devices easier to use, but a new study has found that these signals carry unique “fingerprints” that cybercriminals can track, revealing a user’s location and possibly much more.
A team from the University of California, San Diego has demonstrated for the first time that it is possible to distinguish an individual signal from mobile devices, including smartphones, smartwatches and fitness trackers. All of these devices constantly transmit signals called “Bluetooth beacons”. The devices emit these signals at a rate of 500 beacons per minute and activate features such as Apple’s “Find My” lost device tracker and COVID-19 tracing apps. They also help connect smartphones and other devices to accessories like wireless headphones.
Since previous studies found wireless fingerprints to work for WiFi, the team wanted to see if the same could be done with Bluetooth.
“This is important because in today’s world, Bluetooth poses a greater threat as it is a frequent and constant wireless signal emitted by all of our personal mobile devices,” says Nishant Bhaskar, a Ph.D. student in the Department of Computer Science and Engineering at UC San Diego, on a field trip.
Every Bluetooth signal is unique, but that’s not intentional
The authors of the study explain that every wireless device you own has small manufacturing imperfections in its hardware. These flaws are an accidental by-product of the manufacturing process and are also unique to each device. The result creates unique distortions in their signal that act like a fingerprint for every device in the world.
For a hacker, this would allow them to bypass anti-tracking software that constantly changes the address used by mobile devices to connect to the Internet. It’s not exactly an easy process. Fingerprinting techniques for WiFi signals rely on a long-known sequence called a preamble.
However, the preamble of a Bluetooth beacon is extremely short.
“The short duration results in an inaccurate fingerprint, rendering earlier techniques useless for Bluetooth tracking,” says lead author Hadi Givehchian.
The team’s new method for cracking someone’s Bluetooth signal doesn’t rely on the preamble. Instead, it examines the entire signal using a computer algorithm that estimates two different values in the Bluetooth beacon. The values change based on faults in the Bluetooth hardware, revealing each device’s unique fingerprint.
Hackers can track Bluetooth signals for less than $200!
Using this tracking method, researchers conducted several real-world experiments to see its effectiveness. In one test, they found they could track and identify 40% of 162 mobile devices in a public space like a cafe.
Next, they found that the tracking method could identify 47% of the 647 devices carried by people in a public hallway over two days. Finally, the team demonstrated that they could carry out a true tracking attack by fingerprinting and tracking someone’s mobile device as they entered and left their home.
Although a hacker faces several challenges, the team says someone with “a high degree of expertise” could successfully track a Bluetooth signal with equipment costing less than $200.
“Any form of communication today is wireless and risky,” says lead author Dinesh Bharadia, a professor in the Department of Electrical and Computer Engineering at UC San Diego. “We are working to build hardware-level defenses against potential attacks.”
“As far as we know, the only thing that permanently stops Bluetooth beacons is turning off your phone,” Bhaskar concludes.
The team presented their findings at the IEEE Security & Privacy conference in San Francisco.