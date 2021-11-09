A few hours ago the news was MediaMarkt and the ransomware attack it had suffered. One more example of how exposed we are to third-party attacks that begin with our own devices and Bluetooth is a good gateway. It is at least what researchers have discovered when determining that Bluetooth can facilitate the location of our mobile to be tracked.

The Bluetooth connection is now commonplace. Either to connect headphones or synchronize data between devices, just two examples that make many of our mobiles have Bluetooth activated continuously (there was Radar COVID) and that may be exposed to a security breach like the one they just discovered.

One fingerprint for each device

To carry out this discovery they focused on devices that generate a kind of digital signal when communicating with Bluetooth Low Energy (BLE). The features of this version of Bluetooth, with much less consumption and more range, is the reason why many devices always have it activated. It is enough to put three examples of devices that use BLE such as Apple AirTags, Amazon Tiles or Samsung Galaxy SmartTags.

A finding carried out by a series of researchers at the University of San Diego in the United States by which they have determined that a phone can be tracked based on its Bluetooth signal. The study is titled “Evaluation of physical layer BLE location tracking attacks on mobile devices” and shows how almost all devices that use Bluetooth Low Energy emit signal patterns with little differences.

To achieve this, the researchers focused on identifying unique characteristics of the signal radio that generates the Bluetooth connection, a signal variation that is like the fingerprint of a mobile to be unique for each phone.

They ran tests in different public places, from university libraries to restaurants where they collected data from 162 Bluetooth devices of which 40% were identifiable. In fact they claim that with the tests carried out on a Pixel 5, the false negative rate was 0%. They always managed to identify the device. Along with the Pixel 5 they also used iPhone 10, iPhone 8, iPhone 11, MacBook Pro, AirPod, ThinkPad laptops …

This way we could think how you can tell one device from another, even in the same model. In the case of iPhones, being all identical, they offer more difficulties, but are still not impossible to track.

In conclusion, the researchers state that although these devices can be tracked, sometimes they are not easy to differentiate due to temperature variations or similarity to other devices of the same brand and model. In addition, regarding the viability of these types of attacks, they tend to occur in crowded environments and although BLE connectivity presents a threat that allows location tracking, the ability of an attacker to track a particular target is not something that is simple. .

