A new study conducted by a team of educators at the University of California, San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore individuals).
At its core, the identification depends on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a “unique physical-layer fingerprint”.
“To attack a body-level fingerprinting attacker, the attacker must be equipped with a software-defined radio sniffer: a radio receiver capable of recording raw IQ radio signals,” the researchers said in a new paper titled “Evaluate physical-level BLE location tracking attacks on mobile devices.”
The attack is possible because of the ubiquitous nature of Bluetooth Low Energy (BLE) beacons, which modern devices constantly transmit to enable vital functions such as contact tracing during public health emergencies.
The hardware imperfections, on the other hand, stem from the fact that Wi-Fi and BLE components are often combined into a specialized “combo chip”, which effectively subjects Bluetooth to the same metrics that can be used to uniquely fingerprint Wi-Fi devices: carrier frequency offset (CFO) and IQ imbalance.
Fingerprinting and tracking a device then involves extracting the CFO and I/Q imperfections for each packet and computing the Mahalanobis distance to determine “how close the features of the new packet are” to the previously recorded hardware imperfection fingerprint.
“Also, since BLE devices have a temporarily stable identifier in the packet [i.e., MAC address], we can detect a device based on the average on multiple packets, increasing the accuracy of the detection,” the researchers said.
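The matching step described above, as an added example that is not code from the paper or the researchers. It builds a fingerprint from per-packet (CFO, IQ imbalance) pairs, averages the packets that share one MAC address, and scores them with the Mahalanobis distance; all feature values, the kHz unit, and the threshold of 3.0 are constructed assumptions.

```python
import math
from statistics import mean

def enroll(packets):
    """Fingerprint = mean feature vector + inverse 2x2 sample covariance."""
    n = len(packets)
    mx, my = mean(p[0] for p in packets), mean(p[1] for p in packets)
    sxx = sum((p[0] - mx) ** 2 for p in packets) / (n - 1)
    syy = sum((p[1] - my) ** 2 for p in packets) / (n - 1)
    sxy = sum((p[0] - mx) * (p[1] - my) for p in packets) / (n - 1)
    det = sxx * syy - sxy * sxy
    if det <= 0:
        raise ValueError("degenerate covariance: enroll more packets")
    inv = ((syy / det, -sxy / det), (-sxy / det, sxx / det))
    return (mx, my), inv

def mahalanobis(x, fingerprint):
    """Distance of one feature vector from the enrolled fingerprint."""
    (mx, my), inv = fingerprint
    dx, dy = x[0] - mx, x[1] - my
    q = dx * (inv[0][0] * dx + inv[0][1] * dy) \
        + dy * (inv[1][0] * dx + inv[1][1] * dy)
    return math.sqrt(q)

def avg_distance(packets, fingerprint):
    """Average the packets seen under one MAC address, then score the mean."""
    avg = (mean(p[0] for p in packets), mean(p[1] for p in packets))
    return mahalanobis(avg, fingerprint)

def matches(packets, fingerprint, threshold=3.0):  # threshold is an assumption
    return avg_distance(packets, fingerprint) <= threshold

# Constructed sample features: (CFO in kHz, IQ imbalance), not measured data.
ENROLLED = [(12.1, 0.029), (11.8, 0.031), (12.4, 0.030), (12.0, 0.033),
            (11.7, 0.030), (12.3, 0.028), (11.9, 0.032), (12.2, 0.027)]
SAME_DEVICE = [(12.0, 0.031), (12.2, 0.029), (11.9, 0.030)]
OTHER_DEVICE = [(15.6, 0.030), (15.9, 0.029), (15.4, 0.031)]
# A different device whose chipset happens to have near-identical features.
LOOKALIKE = [(12.3, 0.029), (12.0, 0.030), (12.2, 0.031)]

if __name__ == "__main__":
    fp = enroll(ENROLLED)
    for name, pkts in (("same", SAME_DEVICE), ("other", OTHER_DEVICE),
                       ("lookalike", LOOKALIKE)):
        print(name, round(avg_distance(pkts, fp), 2), matches(pkts, fp))
```

The lookalike device falls inside the threshold even though it is not the enrolled one, which is the false-match case that limits how reliably any single device can be singled out.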
That said, there are a number of challenges in carrying out such attacks in an adversarial setting, the main one being that the ability to uniquely detect a device depends on the BLE chipset used as well as the chipsets of other devices that are in close physical proximity to the target.
Other important factors that may affect readings include device temperature, BLE transmit power differences between iPhone and Android devices, and the quality of the sniffer radio used by malicious actors to carry out fingerprinting attacks.
“In evaluating the effectiveness of these attacks, especially in busy settings such as coffee shops, we have found that some devices have unique fingerprints, and are therefore particularly vulnerable to tracking attacks; others have common fingerprints, often misdiagnosed,” the researchers concluded.
“BLE presents a location tracking threat to mobile devices. However, the ability of an attacker to track a specific target is largely a matter of luck.”