Bluetooth Devices Can Covertly Track Mobile Users

Over the past few years, mobile devices have become extremely useful for streaming and other purposes over the Bluetooth Low Energy (BLE) protocol, and this carries a significant privacy risk.

Indeed, a new research study investigates how your smartphone or laptop gives off unique Bluetooth radio signals that can be identified and used to track your device's location.  

Using Bluetooth signals generated by smartphones, security researchers at the University of California San Diego have developed a method of identifying and tracking users via their smartphones.

“Mobile devices increasingly function as wireless tracking beacons. Using the Bluetooth Low Energy (BLE) protocol, mobile devices such as smartphones and smartwatches continuously transmit beacons to inform passive listeners about device locations for applications such as digital contact tracing,” says the University’s research report.

“The mobile devices we carry every day, such as smartphones and smartwatches, increasingly function as wireless tracking beacons. These devices continuously transmit short-range wireless messages using the Bluetooth Low Energy (BLE) protocol.”

During their research, the team discovered that the Bluetooth signals continuously sent by phones have a unique fingerprint that can be identified.

They also raised concerns that hackers could exploit this technique to track a target's location. With it, the current safeguards against telephone stalking could be bypassed easily.

Bluetooth is becoming more and more of a problem in the modern world because smart devices do not emit it only occasionally: the signal is transmitted continuously. Wireless fingerprinting is not a new concept; it has already been applied to WiFi and other wireless technologies. For WiFi, the technique depends on the signal's preamble.

Due to the very short preamble of Bluetooth beacons, this technique has historically been unable to provide accurate fingerprinting results.

As a result of this new technique, Bluetooth beacons can be tracked and the unique fingerprint of a target device can be identified. As part of their experiments, the researchers have tested out this new tracking method in real-world situations as well. Initial experiments were conducted on a small scale, where 40% of the total number of mobile devices (162) found in a public area were uniquely identified.

There are many smartphones and other devices that can be targeted by such an attack. A typical attack of this kind will require around $200 worth of equipment and can be conducted on a wide range of gadgets.

In addition, the researchers noted that even when Bluetooth is turned off on a device, the device would emit Bluetooth beacons regardless. In order to stop the beacon from being broadcast, the beacon itself must be turned off.

Bluetooth hacks made public in recent months have also exposed a number of other high-profile attacks. The NCC Group findings on BLE hacks in May led researchers to conclude that criminals might be able to unlock and steal Tesla cars using this hack. What this means is that if we have our Bluetooth constantly on and constantly broadcasting, we need to be aware of what other apps on our phone are using this information, what permissions they have been granted, and how this could benefit commercial tracking that uses Bluetooth technology.

You might be able to disable Bluetooth signal "beaconing" by turning off Find My in your Apple account, but that takes away one of the benefits of owning an Apple device.

Ultimately, the researchers conclude that tracking people via BLE can be done, and some people are more vulnerable than others, depending on conditions and the commonness or uniqueness of the device targeted.

Sources: UC San Diego; BLEMobileApps; Privacy International; Cybersecurity News; Quora; Toms Guide; The Register
