Bluetooth signals have unique ‘fingerprints’ hackers can track for less than $200

‘Every form of communication today is wireless, and at risk.’

SAN DIEGO — Bluetooth may make digital devices easier to use, but a new study has discovered that these signals carry unique “fingerprints” that cyber criminals can track — revealing a user’s location and possibly much more.

A team from the University of California-San Diego demonstrated for the first time that it’s possible to distinguish an individual signal from mobile devices, including smartphones, smartwatches, and fitness trackers. All of these devices constantly transmit signals called “Bluetooth beacons.” The devices emit these signals at a rate of 500 beacons per minute, and the beacons enable features such as Apple’s “Find My” lost-device tracking and COVID-19 tracing apps. They also help to connect smartphones and other devices to accessories like wireless headphones.

With previous studies finding that wireless fingerprinting works for WiFi, the team wanted to see if the same could be done with Bluetooth.

“This is important because in today’s world Bluetooth poses a more significant threat as it is a frequent and constant wireless signal emitted from all our personal mobile devices,” says Nishant Bhaskar, a Ph.D. student in the UC San Diego Department of Computer Science and Engineering, in a university release.

Every Bluetooth signal is unique — but that’s not intentional

Study authors explain that every wireless device you own has small manufacturing imperfections in its hardware. These flaws are an accidental byproduct of the manufacturing process and are also unique to every single device. They create unique distortions in the device’s signal, which act like a fingerprint for every device in the world.

For a hacker, this would allow them to bypass anti-tracking software that constantly changes the address mobile devices use to connect to the Internet. This isn’t exactly an easy process. Fingerprinting techniques for WiFi signals have relied on a long-known sequence called the preamble.

However, the preamble for a Bluetooth beacon is extremely short.

“The short duration gives an inaccurate fingerprint, making prior techniques not useful for Bluetooth tracking,” explains lead author Hadi Givehchian.

The team’s new method of cracking someone’s Bluetooth signal does not rely on the preamble. Instead, it looks at the entire signal using a computer algorithm which estimates two different values in the Bluetooth beacon. The values change depending on the flaws in the Bluetooth hardware, revealing each device’s unique fingerprint.

Hackers can track Bluetooth signals for less than $200!

Using this tracking method, researchers conducted several real-world experiments to see how effective it is. In one test, they found they could track and identify 40 percent of 162 mobile devices in a public space like a coffee shop.

Next, they found the tracking method could identify 47 percent of 647 devices people carried through a public hallway over two days. Finally, the team demonstrated that they could carry out an actual tracking attack by fingerprinting and following someone’s mobile device as they walked in and out of their home.

Although there are several challenges a hacker would face, the team says someone with “a high degree of expertise” could successfully track a Bluetooth signal with equipment costing less than $200.

“Every form of communication today is wireless, and at risk,” says senior author Dinesh Bharadia, a professor in the UC San Diego Department of Electrical and Computer Engineering. “We are working to build hardware-level defenses to potential attacks.”

“As far as we know, the only thing that definitely stops Bluetooth beacons is turning off your phone,” Bhaskar concludes.

The team presented its findings at the IEEE Security & Privacy conference in San Francisco.
