Bluetooth security flaws are hardly big news for most smartphone users, as we often come across new Bluetooth vulnerabilities that allow criminals illegal access to modern devices to eavesdrop, bug a victim's phone, steal data, execute harmful commands, or even fully take over a stranger's phone.
Last month, we even reported on a serious Bluetooth chip firmware vulnerability (one that cannot be simply patched up with an update like most others), which led to an onslaught of BrakTooth hacks.
And now, a group of researchers from the University of California San Diego has discovered a new and rather scary vulnerability, which almost seems too simple to have gone by unnoticed for so long. This weakness potentially allows you, as a smartphone user, to be targeted and tracked wherever you go, simply by following your Bluetooth signal as long as it is enabled (and sometimes, even when it isn't).
40% of Bluetooth signals create a unique fingerprint
It turns out that most modern Bluetooth-capable devices such as smartphones, laptops, and even headphones contain individual imperfections on their BLE (Bluetooth Low Energy) chips, which make each of them emit a slightly different pattern of variations in the signal.
This means that most devices have their own minimally varying pattern of BLE emission, making it possible for a device to be picked out from a crowd and followed around.
The group of seven researchers collected their datasets in two different sessions using a basic, off-the-shelf (sub-$200) receiver to intercept BLE signals.
The first time around, they collected Bluetooth signals from random strangers at "six coffee shops, a university library, and a food court, each for about an hour." From the 162 devices that were intercepted, 40% of them were found to be uniquely identifiable.
During the second round, the researchers had fine-tuned the software of the receiver to better suit their purposes, and this time set it up at the door of a room that saw hundreds of people enter and leave on a daily basis. The group particularly looked for outgoing COVID-19 Exposure Notifications, which transmitted loud and clear BLE beacons they could record.
After two 10-hour interception sessions, the researchers found that 47.1% of all 647 unique devices intercepted were uniquely identifiable. Another 15% on top of these had signal variations that overlapped with only a single other device.
Of the uniquely identifiable devices, the researchers attempted to follow around 17 of them—much like a stalker might do, if they were to use this tactic. And they found they were able to track their target with about 97% accuracy, which makes it a rather effective technique to be potentially used by stalkers or attackers looking to track a victim in relative proximity.
iPhones and Android phones are both susceptible
The Bluetooth tracking vulnerability doesn't discriminate between phone brands, although there were some differences encountered between tracking iPhones and Android devices by other manufacturers.
For one, iPhones generally emitted a stronger Bluetooth signal, which made them stand out above other devices—but on the other hand, the researchers said, it was more difficult to differentiate between chips of the same make, such as Apple.
Turning off Bluetooth may not turn off your Bluetooth
Additionally, one of the rather scary discoveries was that sometimes, even turning off your Bluetooth may not protect you. It was found that certain devices emitted signals even with the function turned off, with the only surefire way being to shut down your device completely.
But obviously, that's unrealistic for most people—what's the point of even owning a smartphone if you're going to keep it powered off?
A suggested solution
Researchers put forward a possible hardware-integrated solution that could eliminate this weakness by altering the BLE frequencies' pattern, with a "random time-varying extra frequency offset to the crystal oscillator [to] make signal measurements less predictable."
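To see why a random offset of this kind helps, here is a toy simulation, added as an illustration and not code from the researchers. It assumes each device's fingerprint is reduced to one fixed carrier-frequency offset; the device offsets, receiver noise figure and function names are all constructed for the example.

```python
import random

# Constructed device population: 20 devices whose oscillator imperfection is
# modelled as one fixed carrier-frequency offset (kHz), spaced 5 kHz apart.
DEVICE_CFO_KHZ = [-47.5 + 5.0 * i for i in range(20)]
RX_NOISE_KHZ = 0.3  # assumed receiver measurement noise (standard deviation)


def nearest_device(observed_khz):
    """Attribute a measurement to the enrolled device with the closest offset."""
    return min(range(len(DEVICE_CFO_KHZ)),
               key=lambda i: abs(DEVICE_CFO_KHZ[i] - observed_khz))


def reidentification_rate(jitter_khz, packets=4000, seed=7):
    """Fraction of packets attributed to the right device.

    jitter_khz is the half-width of the uniform random offset the transmitter
    adds to each packet (the mitigation); 0 means an unmodified device.
    """
    rng = random.Random(seed)
    hits = 0
    for _ in range(packets):
        dev = rng.randrange(len(DEVICE_CFO_KHZ))
        observed = (DEVICE_CFO_KHZ[dev]
                    + rng.gauss(0.0, RX_NOISE_KHZ)
                    + rng.uniform(-jitter_khz, jitter_khz))
        hits += nearest_device(observed) == dev
    return hits / packets


def sweep(jitters=(0.0, 1.0, 5.0, 20.0, 40.0)):
    """Re-identification rate for each jitter amplitude in kHz."""
    return {j: reidentification_rate(j) for j in jitters}


if __name__ == "__main__":
    for jitter, rate in sweep().items():
        print(f"jitter +/-{jitter:>4.1f} kHz -> {rate:.1%} of packets re-identified")
```

In this model the added offset only degrades matching once its range exceeds the spacing between devices' natural offsets; a small jitter leaves every device as distinguishable as before.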
The full details of the researchers' findings will be presented at the 43rd IEEE Symposium on Security and Privacy in 2022, along with the proposals for solutions to this concerning vulnerability of Bluetooth-enabled smartphones to be individually tracked by their BLE signal.