1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

An exploit shows your Bluetooth-connected mobile devices are vulnerable to tracking

By nanoguy
Jul 18, 2019
Post New Reply
  1. Boston University engineers have just come out with an extensive analysis on how the Bluetooth implementation on a number of popular modern devices could allow anyone to identify and track you. Everything from Apple and Microsoft seems to be affected, as well as wearables from companies like Fitbit that appear to be the easiest to exploit.

    The vulnerability was discovered by David Starobinski's research team, who had been looking at different IoT protocols to assess if they presented any privacy risks. The one they found is related to the way Bluetooth devices pair with one another. To do that, they have to establish a hierarchy in which one plays the central role and the other is the peripheral, so that they can begin exchanging information.

    The peripheral -- say, a pair of headphones -- has to broadcast its identity (a unique address) so that the central device -- your phone -- can know about its presence and its availability for a connection, which is stored along with some other information in something called a payload.

    Most Bluetooth low-energy devices are configured to send randomized addresses that change periodically as an attempt to improve privacy, but BU researchers found that the payload remained the same, meaning a simple "sniffer" algorithm could treat that information as a unique identifier instead.

    Interestingly enough, Android devices aren't affected by the exploit, because they don't broadcast any identifying tokens, instead relying on peripheral devices to advertise themselves. In any case, the researchers notified Microsoft and Apple about their findings in November last year, and while we don't know if they've patched the problem yet, a simple way to deal with this is as simple as turning Bluetooth off and back on your device.

    There is no reason to be worried for now, even as Bluetooth adoption is "projected to grow from 4.2 to 5.2 billion devices between 2019 and 2022". The researchers noted that while manufacturers would do well to take privacy more seriously, there are many other ways to track people even without Bluetooth. That is, you can keep using your smartwatches and other wearables, but it's good to be aware about the fact that they may as well be "broadcasting something all the time."

    Permalink to story.

  2. Misagt

    Misagt TS Maniac Posts: 299   +213

    I'm shocked! Who would think that highly advanced electronics could have the ability to be used to spy on people. It's almost like there are people out there who want control over others.
    p51d007 likes this.

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...