Security experts have found a way to track people using the Bluetooth chips built into their mobile devices and laptops, but it's a lot harder than it sounds (and it's not quite effective yet).
Researchers at the University of California, San Diego have discovered that every Bluetooth chip has a small imperfection created during the manufacturing process. In a sense, despite being mass-produced and having anti-identification measures, all of these chips are somewhat unique.
This singularity, the researchers found, can be traced.
Device Fingerprint
However, to track the chip, the would-be attacker would first need to identify the device or "capture" its unique "fingerprint" to identify this tiny blemish. After that, they need a radio receiver capable of recording raw radio signals. Apparently this can be done with standard hardware that doesn't cost more than €150.
In addition, they must be relatively close to the victim in order to eavesdrop on Bluetooth transmissions. To further complicate matters, not all chips have the same capacity and range.
"They will know when the target device is very close to the receiver when it captures one or more packets that match the physical layer fingerprint of the target," the researchers explain.
"The more frequently the BLE device transmits, the more likely it is that the attacker will receive a transmission if a user walks by. Also, the more accurate the fingerprinting technique, the better the attacker will be able to differentiate the target from other nearby devices."
While the concept may work when there are only a handful of devices, it gets a bit trickier in crowded environments. By testing the flaw in 162 devices, the researchers were able to identify 40% of Bluetooth chips, while by testing in 647 mobile devices, the percentage increased to almost half (47%).
"In assessing the feasibility of this attack in the field, particularly in high-traffic environments such as cafes, we found that some devices have unique fingerprints and are therefore particularly vulnerable to sniffing attacks. Others have common fingerprints, they will often be misidentified,” the researchers concluded.
Via: The Registry (Opens in a new tab)