Bluetooth Devices Can Covertly Track Mobile Users

Uploaded on 2022-07-11 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Hackers

Over the past few years, mobile devices have become extremely useful in engaging users for streaming and other purposes over the Bluetooth Low Energy (BLE) protocol and this is a significant privacy risk.

Indeed, a new research study investigates how your smartphone or laptop gives off unique Bluetooth radio signals that can be identified and used to track your device's location.  

Using Bluetooth signals generated by smartphones, security researchers at the University of California San Diego have developed a method of identifying and tracking users via their smartphones.

“Mobile devices increasingly function as wireless tracking beacons. Using the Bluetooth Low Energy (BLE) protocol, mobile devices such as smartphones and smartwatches continuously transmit beacons to inform passive listeners about device locations for applications such as digital contact tracing,” says the University’s research report .

“The mobile devices we carry every day, such as smart- phones and smartwatches, increasingly function as wireless tracking beacons. These devices continuously transmit short- range wireless messages using the Bluetooth Low Energy (BLE) protocol.”

During the team’s research they discovered that Bluetooth signals, which are continuously being sent by phone, have a unique fingerprint that can be identified.

In addition, they also raised concerns that hackers could exploit this technology in order to track the locations of a target. As a result of this new technique, the current safeguards against telephone stalking could be bypassed easily.

Bluetooth is becoming more and more of a problem in the modern world because it is not only a wireless signal that emits a multitude of signals but also an ongoing one that is emitted continuously from smart devices. WiFi and other wireless technologies are used to do wireless fingerprinting, and this is not a new concept. In all three cases, a WiFi signal depends on its preamble to perform the operation.

Due to the very short preamble of Bluetooth beacons, this technique has historically been unable to provide accurate fingerprinting results.

As a result of this new technique, Bluetooth beacons can be tracked and the unique fingerprint of a target device can be identified. As part of their experiments, the researchers have tested out this new tracking method in real-world situations as well. Initial experiments were conducted on a small scale, where 40% of the total number of mobile devices (162) found in a public area were uniquely identified.

There are many smartphones and other devices that can be targeted by such an attack. A typical attack of this kind will require around $200 worth of equipment and can be conducted on a wide range of gadgets.

In addition, the researchers noted that even when Bluetooth is turned off on a device, the device would emit Bluetooth beacons regardless. In order to stop the beacon from being broadcasted, the beacon itself must be turned off.

The Bluetooth hacks that have been made public in recent months have also exposed a number of other high-profile attacks.The NCC Group findings on BLE hacks in May led researchers to conclude that criminals might be able to unlock and steal Tesla cars if they were using this hack. What this means is that if we have our Bluetooth constantly on and constantly broadcasting, we need to be aware what other apps on our phone are using this information, what permissions they have been granted and how this could benefit commercial tracking which uses Bluetooth technology.

It's likely that you might be able to disable Bluetooth signal "beaconing" by turning off Find My in your Apple account. But that takes away one of the benefits of owning an Apple device. 

Ultimately, the researchers conclude that tracking people via BLE can be done, and some people are more vulnerable than others, depending on conditions and the commonness or uniqueness of the device targeted.

UC San Diego:     BLEMobileApps:    Privacy International:     Cybersecurity News:   

Quora:     Toms Guide:    The Register

You Might Aso Read: 

NSA Warning - Avoid Public Wi-Fi:

 

« CISA Detects Many New Cyber Security Vulnerabilities
Channel 4 TV Launches New Cyber Thriller »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cyber Secure Forum

Cyber Secure Forum

The Cyber Secure Forum is a premier cybersecurity event dedicated to bringing together experts, and professionals to explore the latest trends, share knowledge, and discuss strategies.

Security Audit Systems

Security Audit Systems

Security Audit Systems is a website security specialist providing website security audits and managed web security services.

Kernelios

Kernelios

Kernelios is a simulator-based training center and an incubator for cyber experts worldwide.

FarrPoint

FarrPoint

FarrPoint is a specialist telecoms consultancy providing a range of services including cyber security assessments and technical assurance to safeguard your data.

Bottomline Technologies

Bottomline Technologies

Bottomline Technologies is an innovator in business payment automation technology, helping companies make complex business payments simple, smart and secure.

Hornetsecurity

Hornetsecurity

Meet Hornetsecurity – Leading Cloud Email Security Provider. We protect global organizations so you can focus on what you do best.

Pixalate

Pixalate

Pixalate is an omni-channel fraud intelligence company that works with brands and platforms to prevent invalid traffic and improve ad inventory quality.

Citalid

Citalid

The Citalid cyber risk management platform combines threat and business intelligence to identify the risks scenarios you face.

Perch Security

Perch Security

Perch is a co-managed threat detection and response platform backed by an in-house Security Operations Center (SOC).

Portshift

Portshift

Portshift leverages the power of Kubernetes and Service-Mesh to deliver a single source of truth for containers and cloud-native applications security.

Dynics

Dynics

The Dynics ICS-Defender is an Industrial Control System Security Appliance for OT or OT/IT convergent environments.

CRI Group

CRI Group

CRI Group excels at deterring, detecting and investigating crimes against businesses using a global network of professionals specially trained in Anti-Corruption, Risk Management and Compliance.

Nineteen Group

Nineteen Group

Nineteen Group delivers major-scale exhibitions within the security, fire, emergency services, health and safety, facilities management and maintenance engineering sectors.

Sure Valley Ventures

Sure Valley Ventures

Sure Valley Ventures is an entrepreneur led venture capital fund focused on helping software entrepreneurs grow and scale businesses that will have a global impact.

Minorities in Cybersecurity (MiC)

Minorities in Cybersecurity (MiC)

MiC was developed out of a unique passion to help fill the gap that exists in the support and development of women and minority leaders in the cybersecurity field.

Merkle Science

Merkle Science

Merkle Science provides next generation risk mitigation, compliance and forensics for crypto-native businesses, DeFi participants, financial institutions & government agencies.