Bluetooth Signals Can Be Abused To Detect and Track Smartphones

Even unpaired smartphones are vulnerable to tracking.

According to a study by the University of California San Diego’s engineers, the Bluetooth signals that our cellphones constantly emit make the device vulnerable to abuse. It is the first-of-its-kind research in which it was concluded that Bluetooth signals assign a unique fingerprint, allowing tracking of the user’s movements and location.

For your information, modern cellular devices use Bluetooth signals to enable device tracking services like Apple’s Find My feature and COVID-19 tracing applications and establish a connection between devices such as wireless earphones and smartphones.

The team comprised researchers from UC San Diego’s Departments of Computer Science and Engineering and Electrical and Computer Engineering.

Privacy Risks Posed by Bluetooth Beacons

Researchers revealed that all devices with Bluetooth pairing capability, from smartphones and smartwatches to fitness trackers, are vulnerable to tracking. That’s because these devices transmit Bluetooth Beacons continuously. This transmission rate is around 500 beacons per minute.

They further noted that it is a significant threat because the tracking can be done accurately. The paper’s lead author, Nishant Bhaskar, wrote that the threat emerges from the constant emission of Bluetooth signals. An adversary can stalk a user by placing BLE receives strategically to record the user’s beacons.

What’s worth noting is that even unpaired devices are at risk because these beacons stop emitting only when the phone is off. Hence, the flaw poses serious privacy risks for users.

Why Bluetooth Signals Assign Fingerprints?

The paper highlighted that all wireless devices come with minor manufacturing glitches in the hardware, which are unique for each device. These technical and hardware glitches cause unique distortions used as fingerprints for highly accurate device tracking. These fingerprints are also an unintended byproduct of the device manufacturing process.

More Bluetooth flaws News

• BleedingTooth Bluetooth vulnerability allows RCE in Linux devices
• Update your devices: New Bluetooth flaw lets attackers monitor traffic
• BlueBorne Bluetooth Flaw Affects Millions of Smartphones, IoT and PCs
• BlueRepli attack lets hackers bypass Bluetooth authentication on Android
• Attackers Can Unlock Tesla Cars, Smart Devices by Exploiting Bluetooth Flaws

Real-Life Experiments

To test their hypothesis, researchers developed an algorithm that evaluated two different values extracted from Bluetooth signals. The variations in these values were due to the Bluetooth hardware defects or imperfections, hence assigning the unique fingerprint to the device.

Researchers examined this theory on 40 percent of the 162 mobile devices used in public areas like cafes and identified each of them. Then they experimented on 647 mobile phones in a public hallway and found unique fingerprints on 47% of them.

However, they also noted that ambient temperature changes could alter Bluetooth fingerprints and different devices send different degrees of power for Bluetooth signals affecting the distance at which these devices can be tracked. This indicates the attacker cannot easily track a device without adequate expertise.

Researchers presented their findings at the IEE Security & Privacy conference held on 24 May 2022 in Oakland, California.