Bluetooth Devices Can Covertly Track Mobile Users

Over the past few years, mobile devices have come to rely on the Bluetooth Low Energy (BLE) protocol for streaming and other purposes, and this poses a significant privacy risk.

Indeed, a new research study investigates how your smartphone or laptop gives off unique Bluetooth radio signals that can be identified and used to track your device's location.  

Using Bluetooth signals generated by smartphones, security researchers at the University of California San Diego have developed a method of identifying and tracking users via their smartphones.

“Mobile devices increasingly function as wireless tracking beacons. Using the Bluetooth Low Energy (BLE) protocol, mobile devices such as smartphones and smartwatches continuously transmit beacons to inform passive listeners about device locations for applications such as digital contact tracing,” says the University’s research report.

“The mobile devices we carry every day, such as smartphones and smartwatches, increasingly function as wireless tracking beacons. These devices continuously transmit short-range wireless messages using the Bluetooth Low Energy (BLE) protocol.”

During their research, the team discovered that Bluetooth signals, which are continuously being sent by phones, have a unique fingerprint that can be identified.

In addition, they also raised concerns that hackers could exploit this technology in order to track the locations of a target. As a result of this new technique, the current safeguards against telephone stalking could be bypassed easily.

Bluetooth is becoming more and more of a problem because its signals are emitted not only in large numbers but also continuously from smart devices. Wireless fingerprinting is not a new concept: it has already been done with WiFi and other wireless technologies. With WiFi, the technique depends on the signal's preamble.

Due to the very short preamble of Bluetooth beacons, this technique has historically been unable to provide accurate fingerprinting results.

As a result of this new technique, Bluetooth beacons can be tracked and the unique fingerprint of a target device can be identified. As part of their experiments, the researchers have tested out this new tracking method in real-world situations as well. Initial experiments were conducted on a small scale, where 40% of the total number of mobile devices (162) found in a public area were uniquely identified.

There are many smartphones and other devices that can be targeted by such an attack. A typical attack of this kind will require around $200 worth of equipment and can be conducted on a wide range of gadgets.

In addition, the researchers noted that even when Bluetooth is turned off on a device, the device would emit Bluetooth beacons regardless. In order to stop the beacon from being broadcast, the beacon itself must be turned off.

The Bluetooth hacks that have been made public in recent months have also exposed a number of other high-profile attacks. The NCC Group findings on BLE hacks in May led researchers to conclude that criminals might be able to unlock and steal Tesla cars if they were using this hack. What this means is that if we have our Bluetooth constantly on and constantly broadcasting, we need to be aware of what other apps on our phone are using this information, what permissions they have been granted and how this could benefit commercial tracking which uses Bluetooth technology.

It's likely that you might be able to disable Bluetooth signal "beaconing" by turning off Find My in your Apple account. But that takes away one of the benefits of owning an Apple device. 

Ultimately, the researchers conclude that tracking people via BLE can be done, and some people are more vulnerable than others, depending on conditions and the commonness or uniqueness of the device targeted.

UC San Diego / BLEMobileApps / Privacy International / Cybersecurity News / Quora / Toms Guide / The Register
