A group of researchers from the University of California, San Diego has revealed new security risks associated with Bluetooth technology. The study indicates that the devices that we carry every day, such as smartphones or smart watches, regardless of their brand, suffer a vulnerability that allows high precision tracking attacks.

The root of this security risk is in the Bluetooth Low Energy (LE). It is a technology that is increasingly present in mobile devices that allows the presence of other devices to be identified by their proximity. It brings tracking devices like Apple AirTag, Amazon Tile or Samsung Galaxy SmartTag to life.

Bluetooth Low Energy is a technology also used in different parts of the world since the emergence of COVID-19. Mobile phones continuously generate random identifiers, which are exchanged with other devices that also have a specific application installed to identify close contacts.

The solutions mentioned above, by way of example, in their implementation, may have their own security measures to ensure the safety of users. But a physical vulnerability of Bluetooth Low Energy does impossible to fix with a patch.

As explained by the study titled “Evaluating Physical Layer BLE Location Tracking Attacks on Mobile Devices,” Most Modern Devices with Bluetooth Low Energy emit slightly different patterns, which makes it possible for them to be individually tracked and identified with high precision.

The researchers tested some current popular devices and found that they could successfully identify your wireless “fingerprints.” Among them were the iPhone X, ThinkPad X1 Carbon, MacBook Pro 2016, Apple Watch 4, Google Pixel 5 or Bose QuietComfort 35.

The study leaves Bluetooth Low Energy in a bad way

Credit: Unsplash

The University of San Diego team worked in six cafeterias, a university library and a restaurant, for about an hour at each site. They managed to collect packages from 162 Bluetooth devices during that period and found that around the 40% were identifiable uniquely.

They also installed a Bluetooth LE beacon tracker at the exit of a busy site. They stood there for 20 hours and saw 647 unique MAC addresses. They were able to uniquely identify the 47.1% of them. 15% had blemishes that overlapped with just one other device.

In addition, they tested 17 moving targets. The average false negative rate reached 3.21%, while the average false positive rate reached 3.5%. In other words, the data obtained sustains that the attack can offer a fairly high precision.

Although the vulnerability is present in all devices with Bluetooth Low Energy, some differences were found. The iPhone, for example, using the same chipset, is harder to track than other devices that use different components.

Researchers say turning off the device’s Bluetooth doesn’t cut chances of being tracked. “As far as we know, turn off a [dispositivo] staff will completely prevent it from emitting beacons, “they say, although it is a somewhat drastic option.

Finally, it should be noted that, according to the researchers, no such attacks have been identified so far. However, although in a remote setting, the vulnerability could be exploited to track people.