Smartphones

This is the first time that researchers have demonstrated that it is possible to track individuals using Bluetooth

This is the first time that researchers have demonstrated that it is possible to track individuals using Bluetooth

A team of engineers from the University of California, San Diego has demonstrated for the first time that the Bluetooth signals continuously emitted by our cell phones have a unique fingerprint that can be used to track people’s movements.

Mobile devices, including phones, smartwatches and fitness trackers, constantly transmit signals, called Bluetooth beacons, at a rate of around 500 beacons per minute. These tags enable features such as Apple’s “Find My” lost device tracking service; COVID-19 tracing apps; and connect smartphones to other devices such as wireless headphones.

Previous research has shown that wireless fingerprints exist in WiFi and other wireless technologies. The key idea of ​​the UC San Diego team was that this form of tracking can also be done with Bluetooth, very accurately.

“It’s important because in today’s world, Bluetooth poses a bigger threat because it’s a frequent and constant wireless signal emitted by all our personal mobile devices,” said Nishant Bhaskar, incumbent. of a doctorate. student in the Department of Computer Science and Engineering at UC San Diego and one of the primary authors of the paper.

The team, which includes researchers from the departments of Computer Science and Engineering and Electrical and Computer Engineering, presented their findings at the IEEE Security & Privacy conference in Oakland, Calif., on May 24, 2022.

All wireless devices have small manufacturing imperfections in the material that are unique to each device. These fingerprints are an accidental by-product of the manufacturing process. These imperfections in Bluetooth hardware lead to unique distortions, which can be used as a fingerprint to track a specific device. For Bluetooth, this would allow an attacker to bypass anti-tracking techniques such as constantly changing the address a mobile device uses to connect to Internet networks.

Tracking individual devices via Bluetooth is not straightforward. Previous fingerprinting techniques designed for Wi-Fi rely on the fact that Wi-Fi signals include a long-known sequence called a preamble. But the preambles of Bluetooth beacon signals are extremely short.

“The short duration gives an inaccurate fingerprint, rendering earlier techniques useless for Bluetooth tracking,” said Hadi Givehchian, also a PhD in computer science at UC San Diego. student and main author of the article.

Instead, the researchers devised a new method that does not rely on the preamble but examines the entire Bluetooth signal. They developed an algorithm that estimates two different values ​​found in Bluetooth signals. These values ​​vary based on flaws in the Bluetooth hardware, giving researchers the unique fingerprint of the device.

Real world experiences

The researchers evaluated their tracking method through several real-world experiments. In the first experiment, they found that 40% of 162 mobile devices seen in public places, such as cafes, were uniquely identifiable. Then they scaled up the experiment and observed 647 mobile devices in a public hallway for two days. The team found that 47% of these devices had unique fingerprints. Finally, the researchers demonstrated an actual tracking attack by fingerprinting and tracking a mobile device belonging to a study volunteer as they entered and exited their home.

Challenges

While their finding is concerning, the researchers also uncovered several challenges that an attacker will face in practice. Changes in ambient temperature, for example, can alter the Bluetooth fingerprint. Some devices also send out Bluetooth signals with varying degrees of strength, which affects how far those devices can be tracked.

The researchers also note that their method requires an attacker to have a high degree of expertise, so it’s unlikely to be a widespread threat to the public today.

Despite the challenges, the researchers found that Bluetooth tracking is likely feasible for a large number of devices. It also does not require sophisticated equipment: the attack can be performed with equipment that costs less than $200.

Solutions and next steps

So how can the problem be solved? Basically, the Bluetooth hardware should be redesigned and replaced. But the researchers think other, simpler solutions can be found. The team is currently working on a way to hide Bluetooth fingerprints through digital signal processing in the firmware of the Bluetooth device.

The researchers are also studying whether the method they have developed could be applied to other types of devices. “Any form of communication today is wireless and risky,” said Dinesh Bharadia, a professor in the Department of Electrical and Computer Engineering at UC San Diego and one of the paper’s lead authors. “We are working to build hardware-level defenses against potential attacks.”

The researchers noted that simply turning off Bluetooth does not necessarily prevent all phones from emitting Bluetooth beacons. For example, beacons are still emitted when turning off Bluetooth from Control Center on the home screen of some Apple devices. “As far as we know, the only thing that permanently stops Bluetooth beacons is turning off your phone,” Bhaskar said.

The researchers are careful to say that while they can track individual devices, they are unable to obtain information about the owners of the devices. The study was reviewed by the campus internal review board and campus attorney.

“It’s really the devices that are under scrutiny,” said Aaron Schulman, a computer science professor at UC San Diego and one of the paper’s lead authors.

Assessing Physical Layer BLE Location Tracking Attacks on Mobile Devices

Dinesh Bharadia, Department of Electrical and Computer Engineering at UC San Diego

Nishant Bhaskar, Hadi Givehchian, Aaron Schulman, Department of Computer Science and Engineering, UC San Diego

Christian Dameff, UC San Diego Department of Emergency Medicine

Eliana Rodriguez Herrera Hector Rodrigo Lopez Soto, UC San Diego ENLACE Program