A team of engineers from the University of California at San Diego has demonstrated for the first time that the Bluetooth signals our phones regularly emit have a unique fingerprint that can be used to track and monitor people's movements.
The idea of using Bluetooth beacons for less "orthodox" purposes has come up many times. However, this is the first time researchers have shown that it is possible to track people this way.
Your phone can “report” the user’s location
Mobile devices, including phones, smart watches, and fitness bands, constantly transmit signals known as Bluetooth beacons, at a rate of about 500 beacons per minute. These beacons enable features such as Apple's "Find My" lost-device tracking service and COVID-19 control applications, and allow smartphones to connect to other devices such as wireless headphones.
Previous studies have shown that wireless fingerprinting is possible in WiFi and other wireless technologies. The critical insight of the UC San Diego team is that this form of tracking can also be done using Bluetooth, in a very accurate way.
"This is important because in today's world Bluetooth poses a greater threat, as it is a frequent and constant wireless signal emitted by all personal mobile devices," explained Nishant Bhaskar, a master's student in the Department of Computer Science and Engineering at UC San Diego and one of the paper's lead authors.
The team, which includes researchers from the Department of Computer Science and Engineering and Electrical and Computer Engineering, presented their results at the IEEE Security & Privacy conference in Oakland, California on May 24, 2022.
The imperfections that give each Bluetooth signal a unique fingerprint
All wireless devices have minor hardware defects, introduced during manufacturing, that are unique to each device. These fingerprints are an accidental by-product of the production process. In Bluetooth devices, these imperfections produce unique distortions in the signal, which can be used as a fingerprint to track a specific device.
For Bluetooth, this allows an attacker to circumvent anti-tracking techniques, such as constantly changing the address the mobile device uses to connect to networks.
Tracking individual devices via Bluetooth is not easy. Previous fingerprinting techniques developed for WiFi rely on the fact that WiFi signals contain a long, known sequence called a preamble. But the preamble of a Bluetooth beacon signal is very short.
Instead, the researchers developed a new method that does not rely on the preamble but analyzes the entire Bluetooth signal. They created an algorithm that estimates two different values found in a Bluetooth signal. These values vary with the defects in the Bluetooth hardware, giving the researchers a unique identifier for the device.
Real-world experiments
The researchers evaluated their tracking method through real-world experiments. In the first experiment, the group found that 40% of the 162 mobile devices seen in public places such as coffee shops were uniquely identifiable.
They then scaled up the experiment and observed 647 mobile devices on public roads over two days. The team found that 47% of these devices had unique fingerprints. Finally, the researchers demonstrated an actual tracking attack by fingerprinting and following a mobile device owned by study volunteers as they entered and left their homes.
Bluetooth: Is this vision disturbing?
While this research may cause concern, the researchers also found that attackers face many challenges in practice. Changes in ambient temperature, for example, can alter the Bluetooth signal. Some devices also send Bluetooth signals at different strengths, and this affects the distance at which these devices can be tracked.
The researchers also noted that attackers need a high level of expertise, so this is unlikely to be a threat to the general public today.
Despite these challenges, the group found that Bluetooth tracking is likely feasible for a large number of devices. It also does not require sophisticated equipment: the attack can be carried out with equipment that costs less than 200 euros.
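An added example, not code from the study: a small privacy-assessment sketch that estimates which devices in a population are uniquely identifiable from two per-device signal values, and how that share drops when the measurement tolerance widens (for instance through temperature drift). The page does not name the two values, so the feature values, device ids, and tolerances below are constructed assumptions.

```python
from itertools import combinations

# Constructed sample: device id -> (feat_a, feat_b). The two features stand in
# for the two hardware-dependent values estimated from each beacon; they are
# hypothetical and unitless. Advertising addresses are left out on purpose:
# rotating the address does not change these values.
DEVICES = {
    "D1": (1.0, 0.10),
    "D2": (1.2, 0.12),   # close to D1
    "D3": (5.0, 0.50),
    "D4": (9.0, 0.90),
    "D5": (5.1, 0.52),   # close to D3
    "D6": (-4.0, 0.30),
}


def collides(f1, f2, tol):
    """True if two feature pairs are indistinguishable within per-feature tolerance."""
    return all(abs(x - y) <= t for x, y, t in zip(f1, f2, tol))


def uniquely_identifiable(devices, tol):
    """Return ids of devices whose features collide with no other device."""
    ambiguous = set()
    for (id1, f1), (id2, f2) in combinations(devices.items(), 2):
        if collides(f1, f2, tol):
            ambiguous.update((id1, id2))
    return sorted(set(devices) - ambiguous)


def unique_fraction(devices, tol):
    """Share of the population that can be singled out by its fingerprint."""
    return len(uniquely_identifiable(devices, tol)) / len(devices)


if __name__ == "__main__":
    scenarios = (
        ("stable conditions", (0.05, 0.005)),
        ("wider spread, e.g. temperature drift", (0.5, 0.05)),
    )
    for label, tol in scenarios:
        ids = uniquely_identifiable(DEVICES, tol)
        print(f"{label}: {unique_fraction(DEVICES, tol):.0%} unique {ids}")
```
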
So how can the problem be solved?
In general, Bluetooth devices would have to be upgraded and replaced. However, the researchers believe that there are other, easier solutions. The team is currently working on a way to hide the Bluetooth fingerprint through digital signal processing in the Bluetooth device firmware.
The authors of this study are also exploring whether the methods they developed can be applied to other types of devices. In addition, they noted that simply turning off Bluetooth does not necessarily stop every phone from emitting Bluetooth beacons. For example, beacons are still emitted when you turn off Bluetooth in the Control Center on the home screen of some Apple devices.
As far as we know, the only thing that really stops Bluetooth beacons is turning off your phone.
Despite all that has been revealed, the researchers are careful to note that even if they can track individual devices, they cannot obtain any information about the owner of the device.
The study was reviewed by the Campus Internal Review Board and the campus council.