Bluetooth Devices Can Covertly Track Mobile Users

Over the past few years, mobile devices have become extremely useful in engaging users for streaming and other purposes over the Bluetooth Low Energy (BLE) protocol and this is a significant privacy risk.

Indeed, a new research study investigates how your smartphone or laptop gives off unique Bluetooth radio signals that can be identified and used to track your device's location.  

Using Bluetooth signals generated by smartphones, security researchers at the University of California San Diego have developed a method of identifying and tracking users via their smartphones.

“Mobile devices increasingly function as wireless tracking beacons. Using the Bluetooth Low Energy (BLE) protocol, mobile devices such as smartphones and smartwatches continuously transmit beacons to inform passive listeners about device locations for applications such as digital contact tracing,” says the University’s research report .

“The mobile devices we carry every day, such as smart- phones and smartwatches, increasingly function as wireless tracking beacons. These devices continuously transmit short- range wireless messages using the Bluetooth Low Energy (BLE) protocol.”

During the team’s research they discovered that Bluetooth signals, which are continuously being sent by phone, have a unique fingerprint that can be identified.

In addition, they also raised concerns that hackers could exploit this technology in order to track the locations of a target. As a result of this new technique, the current safeguards against telephone stalking could be bypassed easily.

Bluetooth is becoming more and more of a problem in the modern world because it is not only a wireless signal that emits a multitude of signals but also an ongoing one that is emitted continuously from smart devices. WiFi and other wireless technologies are used to do wireless fingerprinting, and this is not a new concept. In all three cases, a WiFi signal depends on its preamble to perform the operation.

Due to the very short preamble of Bluetooth beacons, this technique has historically been unable to provide accurate fingerprinting results.

As a result of this new technique, Bluetooth beacons can be tracked and the unique fingerprint of a target device can be identified. As part of their experiments, the researchers have tested out this new tracking method in real-world situations as well. Initial experiments were conducted on a small scale, where 40% of the total number of mobile devices (162) found in a public area were uniquely identified.

There are many smartphones and other devices that can be targeted by such an attack. A typical attack of this kind will require around $200 worth of equipment and can be conducted on a wide range of gadgets.

In addition, the researchers noted that even when Bluetooth is turned off on a device, the device would emit Bluetooth beacons regardless. In order to stop the beacon from being broadcasted, the beacon itself must be turned off.

The Bluetooth hacks that have been made public in recent months have also exposed a number of other high-profile attacks.The NCC Group findings on BLE hacks in May led researchers to conclude that criminals might be able to unlock and steal Tesla cars if they were using this hack. What this means is that if we have our Bluetooth constantly on and constantly broadcasting, we need to be aware what other apps on our phone are using this information, what permissions they have been granted and how this could benefit commercial tracking which uses Bluetooth technology.

It's likely that you might be able to disable Bluetooth signal "beaconing" by turning off Find My in your Apple account. But that takes away one of the benefits of owning an Apple device. 

Ultimately, the researchers conclude that tracking people via BLE can be done, and some people are more vulnerable than others, depending on conditions and the commonness or uniqueness of the device targeted.

UC San Diego:     BLEMobileApps:    Privacy International:     Cybersecurity News:   

Quora:     Toms Guide:    The Register

You Might Aso Read: 

NSA Warning - Avoid Public Wi-Fi:

 

« CISA Detects Many New Cyber Security Vulnerabilities
Channel 4 TV Launches New Cyber Thriller »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Simula Research Laboratory

Simula Research Laboratory

Simula Research Laboratory carries out research in the fields of communication systems, scientific computing and software engineering.

Shape Security

Shape Security

Shape Security provide best-in-class defense against malicious automated cyberattacks on web and mobile applications.

Enigmatos

Enigmatos

Enigmatos is an Israeli based Automotive Cyber Security company. We provide solutions to the ever growing threat of vehicle hacking.

Crypto4A Technologies

Crypto4A Technologies

Crypto4A quantum-ready cybersecurity solutions significantly improve protection for Cloud, loT, Blockchain, V2X, government and military application deployments.

Cytelligence

Cytelligence

Cytelligence is a cyber security consulting company with deep expertise in Cyber Breach Response, Cyber Breach Investigations, and Digital Forensics.

National Initiative for Cybersecurity Education (NICE)

National Initiative for Cybersecurity Education (NICE)

NICE is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development.

ArcRan Information Technology

ArcRan Information Technology

ArcRan concentrates on developing comprehensive cybersecurity solutions for smart city applications. We believe that cybersecurity is the fundamental enabler of IoT development.

Mphasis

Mphasis

Mphasis is a leading applied technology services company applying next-generation technology to help enterprises transform businesses globally.

Templar Shield

Templar Shield

Templar Shield is a premier information security, risk and compliance technology professional services firm serving North America.

Buchbinder Information Technology Solutions

Buchbinder Information Technology Solutions

Buchbinder Tunick & Company is a premier CPA and advisory firm offering a broad range of assurance, tax, business consulting and IT consulting services.

Trace3

Trace3

Trace3 is a pioneer in business transformation solutions, empowering organizations to keep pace with the rapid changes in IT innovations and maximize organizational health.

Infoline Tec Group Berhad

Infoline Tec Group Berhad

Infoline Tec Group Berhad is principally involved in providing IT infrastructure solutions, cybersecurity service provider and solutions, managed IT and other IT services.

Protecto

Protecto

Make privacy and governance effortless. Brakes allow you to drive faster. Stronger data privacy and security enable companies to unlock the full potential of the data.

Framework Security

Framework Security

With Framework Security, you get more than a consultancy; you get a partner dedicated to simplifying cybersecurity and protecting your business in the most efficient way possible.

Mobilen Communications

Mobilen Communications

Mobilen are dedicated to providing our customers with the highest level of secure data in transit and to bring privacy back to a mobile world.

VAST Data

VAST Data

The VAST Data Platform delivers scalable performance, radically simple data management and enhanced productivity for the AI-powered world.