“40% of Bluetooth devices have location-specific risk”

It is convenient to track the location information of mobile devices such as smartphones. For example, the Find app on Apple’s iPhone and the COVID-19 infection tracking app. However, researchers at the University of California, San Diego reported that they found a problem in 40% of these Bluetooth hardware that could be a security flaw.

The research team said that mobile devices using Bluetooth LE (Bluetooth Low Energy) continue to transmit beacons that enable detection by other devices. You can find it when you lose it, etc., but unfortunately, the research team points out that this feature allows a malicious person to know where you are at all times by identifying and tracking your personal device’s Bluetooth signal.

In theory, even if Bluetooth LE is beaconing all the time, you won’t know where and whose device it is. However, according to research, due to the difference in precision that occurs in the manufacturing process of Bluetooth devices, small distortion occurs in the Bluetooth LE signal emitted by each device, making it possible to distinguish them.

The research team actually identified these small distortions and investigated whether they could identify specific devices in congestion and track individual movements. First, the experiment was conducted in public places such as coffee shops and food courts such as Starbucks using a device called a Bluetooth sniffer. Since smartphones emit Bluetooth signals hundreds of times per second, sniffers can easily identify smartphone communication problems. Next, the research team collected and analyzed Bluetooth signals from 162 smartphones, and found that 40% of them could be identified in a crowd.

In another experiment, a Bluetooth receiver was installed in a door that is often accessed by people and collected Bluetooth signals from more than 600 different mobile devices per day. In order to connect a specific individual in the device characteristics, it is necessary to know which signal is connected to which device in some way. This experiment did not, he said, to investigate how much intrinsic communication characteristics can be observed. However, in theory, if a person with malicious intent goes to a coffee shop where the target person always visits and investigates the communication, there is a possibility of linking the communication characteristics with the individual.

Therefore, as a third experiment, the research team identified a virtual target person and checked whether the location information signal emitted by the target when entering or leaving the house among dozens of signals from Bluetooth devices could be tracked. The research team found that many mobile devices have unique Bluetooth IDs and are vulnerable to tracking attacks. However, he pointed out that this is only a matter of strength, and that every device is different regardless of manufacturer and that signal independence is dependent on manufacturing defects to the last.

The report also confirmed that there are devices that continue to send signals even when Bluetooth is turned off in the settings. You have to power off the device itself to be careful, but that’s not realistic. The researcher said that as possible solutions, such as adding a function to offset a frequency that is used randomly every time, Bluetooth device manufacturers are looking for a protection structure that can be built into the device. Related information can be found here.



Through the monthly AHC PC and HowPC magazine era, he has watched 'technology age' in online IT media such as ZDNet, electronic newspaper Internet manager, editor of Consumer Journal Ivers, TechHolic publisher, and editor of Venture Square. I am curious about this market that is still full of vitality.

Add comment

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.

Most discussed

%d 블로거가 이것을 좋아합니다: