
How Bluetooth Signals Can be Fingerprinted to Identify and Track Smartphones

by CISOCONNECT Bureau

According to new research, Bluetooth signals can be fingerprinted to identify and track smartphones. Read on to learn more.

For the first time, it was reported that Bluetooth signals can be fingerprinted to track smartphones and individuals, according to new research by a group of experts at the University of California, San Diego.

At its core, the identification is based on flaws in the Bluetooth chipset hardware introduced during the manufacturing process, which result in a “unique physical-layer fingerprint.”

“To perform a physical-layer fingerprinting attack, the attacker must be equipped with a Software Defined Radio sniffer: a radio receiver capable of recording raw IQ radio signals,” the researchers said in a new paper titled “Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices.”

The attack is conceivable because of the widespread use of Bluetooth Low Energy (BLE) beacons, which are continuously transmitted by modern devices to enable crucial functions like contact tracing during public health emergencies.

The hardware flaws arise from the fact that both Wi-Fi and BLE components are often integrated into a specialized “combo chip,” effectively subjecting Bluetooth to the same set of metrics that may be used to uniquely fingerprint Wi-Fi devices: carrier frequency offset and IQ imbalance.

The next step in fingerprinting and tracking a device is to extract the CFO and I/Q imperfections for each packet, then compute the Mahalanobis distance to determine “how close the features of the new packet” are to the device's previously recorded hardware imperfection fingerprint.

The researchers said, “Also, since BLE devices have temporarily stable identifiers in their packets [i.e., MAC address], we can identify a device based on the average over multiple packets, increasing identification accuracy.”
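The matching step described above can be sketched as follows. This is an added example, not code from the researchers' paper: the two-feature vectors (CFO in kHz, I/Q imbalance), the device names and the distance threshold of 3 are constructed assumptions. It shows why averaging packets that share a MAC address helps, and why devices with near-identical fingerprints get confused with each other.

```python
import math

# Constructed spread of per-packet (CFO kHz, I/Q imbalance) noise around a device's mean.
SHAPE = [(0, 0), (0.4, 0.004), (-0.4, -0.004), (0.2, -0.002), (-0.2, 0.002)]

def fit_fingerprint(samples):
    """Return the mean and 2x2 sample covariance (sxx, sxy, syy) of the samples."""
    n = len(samples)
    mx = sum(s[0] for s in samples) / n
    my = sum(s[1] for s in samples) / n
    sxx = sum((s[0] - mx) ** 2 for s in samples) / (n - 1)
    syy = sum((s[1] - my) ** 2 for s in samples) / (n - 1)
    sxy = sum((s[0] - mx) * (s[1] - my) for s in samples) / (n - 1)
    return (mx, my), (sxx, sxy, syy)

def mahalanobis(x, fingerprint):
    """Distance of feature vector x from a fingerprint, scaled by its covariance."""
    (mx, my), (sxx, sxy, syy) = fingerprint
    det = sxx * syy - sxy * sxy
    if det <= 0:
        raise ValueError("covariance is singular; need more varied samples")
    dx, dy = x[0] - mx, x[1] - my
    # Closed-form inverse of the symmetric 2x2 covariance matrix.
    return math.sqrt((syy * dx * dx - 2 * sxy * dx * dy + sxx * dy * dy) / det)

def match(packets, fingerprints, threshold=3.0):
    """Average packets seen under one MAC, then list every fingerprint within threshold."""
    n = len(packets)
    avg = (sum(p[0] for p in packets) / n, sum(p[1] for p in packets) / n)
    return sorted(name for name, fp in fingerprints.items()
                  if mahalanobis(avg, fp) <= threshold)

def enroll(cfo, iq):
    """Build a constructed training set centred on (cfo, iq) and fit it."""
    return fit_fingerprint([(cfo + dx, iq + dy) for dx, dy in SHAPE])

# Constructed devices: A and B share a common chipset profile, C is distinct.
FPS = {"A": enroll(4.0, 0.020), "B": enroll(4.2, 0.021), "C": enroll(-7.5, 0.050)}
A_BATCH = [(4.9, 0.015), (3.5, 0.024), (3.9, 0.0225)]  # noisy packets from device A
C_BATCH = [(-7.2, 0.052), (-7.6, 0.049)]               # packets from device C

if __name__ == "__main__":
    print("single noisy A packet:", match(A_BATCH[:1], FPS))  # matches nothing
    print("averaged A batch:     ", match(A_BATCH, FPS))      # ambiguous: A and B
    print("averaged C batch:     ", match(C_BATCH, FPS))      # unique: C only
```

The ambiguous result for device A is the misidentification case the researchers describe for devices with common fingerprints; device C, whose features sit far from the others, is the uniquely trackable case.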

However, carrying out such an attack in an adversarial situation has numerous challenges, the most significant of which is that the ability to uniquely identify a device is dependent on the BLE chipset used as well as the chipsets of other devices in close physical proximity to the target.

Device temperature, changes in BLE transmit power between iPhone and Android devices, and the quality of the sniffer radio used by the malicious actor to execute the fingerprinting attacks are all key aspects that could affect the readings.

The researchers concluded, “By evaluating the practicality of this attack in the field, particularly in busy settings such as coffee shops, we found that certain devices have unique fingerprints, and therefore are particularly vulnerable to tracking attacks, others have common fingerprints, they will often be misidentified.”

“BLE does present a location tracking threat for mobile devices. However an attacker’s ability to track a particular target is essentially a matter of luck.”

Conclusion
Although the researchers’ findings are alarming, they also discovered a number of challenges that an attacker will face in practice. The Bluetooth fingerprint can be affected by changes in the ambient temperature. Certain devices also send Bluetooth signals of varying degrees of power, which impacts the distance at which these devices may be tracked.

The researchers also point out that their method necessitates a high level of competence from an attacker, so it is unlikely to pose a widespread threat to the public today.

Despite the difficulties, the researchers discovered that Bluetooth tracking is likely to be viable for a wide range of devices. It also does not necessitate sophisticated equipment: the attack can be carried out with less than $200 worth of equipment.
