Engineers at the University of California have proven that each device's Bluetooth signal leaves a unique trail of human movement.
Thus, attackers can track the movement of a specific person by knowing only their Bluetooth frequency, despite VPN protection. The only thing that can prevent hackers from doing this is the high temperature. It distorts the Bluetooth waves and makes it impossible to identify the person.
A team of engineers at the University of California, San Diego has demonstrated for the first time that the Bluetooth signals constantly being emitted by our mobile phones have a unique fingerprint that can be used to track a person's movements.
Mobile devices, including phones, smartwatches and fitness trackers, constantly transmit signals known as Bluetooth beacons at a rate of around 500 beacons per minute. applications for tracking COVID-19; and connecting smartphones to other devices, such as wireless headphones.
Previous research has shown that wireless fingerprinting exists in WiFi and other wireless technologies. The critical insight of the University of California, San Diego team was that this form of tracking could also be done using Bluetooth with high accuracy.
"This is important because in today's world, Bluetooth poses a greater threat because it is a frequent and constant wireless signal emitted by all our personal mobile devices," said Nishant Bhaskar, Ph. D. student in the Department of Computer Science and Engineering at the University of California, San Diego and one of the lead authors of the paper.
The team, which includes researchers from computer science and engineering and electrical and computer engineering departments, presented its findings at the IEEE Security & Privacy conference in San Francisco, California, on May 24, 2022.
All wireless devices have small hardware manufacturing defects that are unique to each device. These fingerprints are an accidental by-product of the manufacturing process. These imperfections in the Bluetooth hardware result in unique distortions that can be used as fingerprints to track a particular device. For Bluetooth, this would allow an attacker to bypass tracking protection methods, such as permanently changing the address that the mobile device uses to connect to Internet networks.
Tracking individual devices via Bluetooth is not as easy. Previous fingerprinting methods created for WiFi are based on the fact that WiFi signals include a long known sequence called a preamble. But the preamble for Bluetooth beacon signals is very short.
"The short duration gives an inaccurate fingerprint, which makes previous methods useless for Bluetooth tracking," said Hadi Giwehchian, also a computer science doctoral student and lead author at the University of California, San Diego.
Instead, the researchers developed a new method that does not rely on the preamble but looks at the entire Bluetooth signal. They developed an algorithm that evaluates two different values in Bluetooth signals. These values vary depending on defects in the Bluetooth hardware, giving the researchers a unique fingerprint of the device.
The researchers evaluated their tracking method through several real-world experiments. In the first experiment, they found that 40% of the 162 mobile devices spotted in public places, such as cafés, were uniquely identifiable. They then expanded the experiment and monitored 647 mobile devices in a public corridor over two days. The team found that 47% of these devices had unique fingerprints. Finally, the researchers demonstrated a real tracking attack by taking the fingerprints and tracking a mobile device belonging to a research volunteer as he or she entered and exited the house.