Hardware Flaw in Bluetooth Chipsets Could Allow Signal Tracking

But it’s easier said than done, suggest experts

  • Researchers demonstrate that Bluetooth signals can be uniquely identified thanks to tiny imperfections in the chips.
  • The process, however, is better suited for tracking groups of people rather than individuals, suggest experts.
  • They suggest it should be used as another example to push for stringent regulations to curb tracking.
Investor reviews stock market data on several monitors

Laurence Dutton / Getty Images 

Researchers have uncovered another Bluetooth flaw, which could pose a risk to your privacy if only it were easy to weaponize.

At the recent IEEE Security and Privacy conference, researchers from the University of California, San Diego, presented their findings about Bluetooth chips having unique hardware imperfections that can be fingerprinted. This theoretically enables attackers to track users through the Bluetooth chips embedded in their smart gadgets, although the researchers themselves admit the process requires a considerable amount of work and a healthy dollop of luck.

"The 'tracking' of user devices they describe is another escalation in the ongoing arms race between data brokers and privacy-minded device manufacturers," Evan Krueger, Head of Engineering at Token, told Lifewire over email. "This technique is unlikely to be used for a targeted attack, like stalking or intimate partner violence in the way people have seen Apple AirTags used recently."

Bluetooth Forensics

The researchers argue that lately, mobile devices, including smartphones, and smart watches, have doubled up as wireless tracking beacons, constantly transmitting signals for applications such as contact tracing or finding lost devices.

According to the researchers, our smart devices are constantly beaming hundreds of beacons per minute. In their tests with several smart devices, they clocked the iPhone 10, sending out over 800 signals per minute, while the Apple Watch 4 spit almost 600 beacons every 60 seconds.

"These [Bluetooth] applications use cryptographic anonymity that limit an adversary's ability to use these beacons to stalk a user," noted the researchers. "However, attackers can bypass these defenses by fingerprinting the unique physical-layer imperfections in the transmissions of specific devices."

The research is noteworthy since it has helped demonstrate that Bluetooth signals have a distinct, and trackable fingerprint.

However, the exact process for identifying the unique signal of a device takes some doing, and isn't always guaranteed to work since not all Bluetooth chips have the same capacity, and range.

Tug of War

"Based on the research, this technique does not seem likely to be used in the real world without some iterations to simplify its use and make it more stable," Matt Psencik, Director, Endpoint Security Specialist, at Tanium, told Lifewire over email, after perusing through the paper.

Psencik illustrated his argument by saying that he just used a BluetoothLE Scanner app which picked up 165 Bluetooth devices near him while on the third floor of an apartment building. "With this in mind, using this method to track someone through crowded places would be a feat better accomplished with classic line of sight visual tracking," said Psencik. 

He noted that while the researchers have identified a flaw in Bluetooth, their tracking mechanism would generate a whole lot of data with little pay-off. 

Someone using a smartphone emitting a signal as they walk past another person using a smartphone and wearing a protective mask.

galitskaya / Getty Images

Krueger agreed, saying rather than an exploit to track individual people, the researchers' work will probably be of interest to data broker companies who attempt to surveil people en masse and sell that data, or access to it, for advertising purposes. 

"While a retailer may see the tracking of customers via Bluetooth fingerprinting as they move around their store as harmless to the customers and beneficial to the business, the consequences of unfettered surveillance are worrisome indeed," believed Krueger.

Explaining the gravity of the situation, Krueger said people are fairly handicapped in directly combatting this kind of tracking, given the level of sophistication employed by these fingerprinting techniques and the ubiquity of Bluetooth beaconing in products that have become essential to our daily lives. 

The one option people have is to look for products and services with a demonstrable track record of prioritizing user privacy, from companies that have voiced support for legislation to curb widespread targeted tracking of people, as described in the paper.

"Those may feel like small or even inconsequential steps for an individual to take," acknowledged Krueger, "but this is a collective action problem, and it can only be addressed through sustained, cumulative market and regulatory pressure."

Was this page helpful?