Security experts have found a way to track people using the Bluetooth chips built into their mobile devices and laptops, but it’s a lot harder than it sounds (and still not very effective).
Researchers at the University of California, San Diego found that each individual Bluetooth chip has a small imperfection, created during the manufacturing process. In a way, despite being produced at scale and having measures to prevent identification, all these chips are somewhat unique.
This uniqueness, the researchers found, can be traced.
Device fingerprint
However, to track the chip, a potential attacker must first identify the device, that is, "capture" the unique "fingerprint" produced by this small imperfection. After that, they need a radio receiver capable of recording raw radio signals. Apparently, this can be done with off-the-shelf gear that costs no more than $150.
Furthermore, they would need to be relatively close to the victim to be able to snoop on Bluetooth transmissions. To complicate things further, not all chips have the same capacity and range.
“They will know when the target device is close to the receiver when they capture one or more packets that match the physical layer fingerprint of the target,” the researchers say.
“The more frequently the BLE device transmits, the more likely the attacker will receive a transmission if a user passes by. Also, the more accurate the fingerprint technique, the better the attacker can differentiate the target from other nearby devices.”
While the concept might work when there are just a few devices around, it gets a little more complicated in crowded environments. Testing the flaw on 162 devices, the researchers were able to identify 40% of Bluetooth chips; when they tested 647 mobile devices, the percentage rose to almost half (47%).
“In evaluating the practicality of this attack in the field, particularly in busy environments such as coffee shops, we found that certain devices have unique fingerprints and are therefore particularly vulnerable to tracking attacks. Others have common fingerprints – they are often identified incorrectly,” the researchers concluded.
Via: The Register