Smartphones can be Identified and Tracked by Bluetooth Signals

A team of engineers from the University of California, San Diego, has shown for the first time that the Bluetooth signals emitted by our phones have a unique fingerprint that can be used to track individuals’ movements.

Mobile devices, such as phones, smartwatches, and fitness trackers, constantly transmit Bluetooth beacon signals at a rate of about 500 beacons per minute. These beacons enable features such as Apple’s “Find My” lost device tracking service, COVID-19 tracing apps, and connectivity between smartphones and other devices such as wireless earphones.

Prior research has revealed the existence of wireless fingerprinting in WiFi and other wireless technologies. The UC San Diego team discovered that this type of tracking can also be done with Bluetooth in a highly accurate manner.

“This is significant because Bluetooth poses a more significant threat in today’s world because it is a frequent and constant wireless signal emitted by all of our personal mobile devices,” said Nishant Bhaskar, a Ph.D. student in the UC San Diego Department of Computer Science and Engineering and one of the paper’s lead authors.

Researchers from the Departments of Computer Science and Engineering, as well as Electrical and Computer Engineering, presented their findings at the IEEE Security & Privacy conference in Oakland, California.

All wireless devices have minor manufacturing flaws in the hardware that make each device unique. These fingerprints are an unintended consequence of the manufacturing process. These flaws in Bluetooth hardware cause distinct distortions that can be used as a fingerprint to track a specific device. In the case of Bluetooth, this would allow an attacker to get around anti-tracking measures such as constantly changing the address a mobile device uses to connect to Internet networks.

Individual device tracking via Bluetooth is not simple. Prior WiFi fingerprinting techniques rely on the fact that WiFi signals contain a long, known sequence called the preamble. However, Bluetooth beacon signal preambles are extremely short. “Because of the short duration, previous techniques for Bluetooth tracking are ineffective,” said Hadi Givehchian, a UC San Diego computer science Ph.D. student and lead author on the paper.

Instead, the researchers designed a new method that doesn’t rely on the preamble but looks at the whole Bluetooth signal. They developed an algorithm that estimates two different values found in Bluetooth signals. These values vary based on the defects in the Bluetooth hardware, giving researchers the device’s unique fingerprint.

Real-world experiments

The researchers conducted several real-world experiments to evaluate their tracking method. In the first experiment, they discovered that 40% of 162 mobile devices seen in public places, such as coffee shops, were uniquely identifiable. They then expanded the experiment and observed 647 mobile devices in a public hallway over the course of two days. The researchers discovered that 47% of these devices had unique fingerprints. Finally, the researchers demonstrated an actual tracking attack by fingerprinting a study volunteer’s mobile device and following it as the volunteer walked in and out of their house.

Challenges

Although their discovery is concerning, the researchers also discovered a number of difficulties that an attacker will face in practice. Temperature changes, for example, can affect the Bluetooth fingerprint. Certain devices also send Bluetooth signals with varying degrees of power, which influences how far these devices can be tracked.

Researchers also point out that their method requires a high level of expertise from an attacker, so it is unlikely to be a widespread threat to the public today. Despite the difficulties, the researchers discovered that Bluetooth tracking is likely feasible for a wide range of devices. It also does not necessitate sophisticated equipment: the attack can be carried out with equipment costing less than $200.

Solutions and next steps

So, how can the problem be resolved? Bluetooth hardware would need to be completely redesigned and replaced. However, the researchers believe that other, simpler solutions can be found. The team is currently working on a method to conceal Bluetooth fingerprints in Bluetooth device firmware using digital signal processing.

Researchers are also investigating whether the method they developed could be applied to other types of devices. “Every form of communication today is wireless, and at risk,” said Dinesh Bharadia, a professor in the UC San Diego Department of Electrical and Computer Engineering and one of the paper’s senior authors. “We are working on hardware-level defenses against potential attacks.”

Researchers discovered that simply turning off Bluetooth does not prevent all phones from emitting Bluetooth beacons. On some Apple devices, for example, beacons continue to be emitted after Bluetooth is turned off from the control center on the home screen. “As far as we know, the only thing that definitely stops Bluetooth beacons is turning off your phone,” Bhaskar said.

Researchers are careful to state that, while they can track individual devices, they cannot obtain information about the devices’ owners. The study was reviewed by the campus’ Internal Review Board and campus counsel.