Recently, Boston University published “Tracking Anonymized Bluetooth Devices,” a paper detailing a flaw in Bluetooth that could affect most devices, exposing users to tracking and revealing their IDs. As explained in the report, many Bluetooth devices announce their presence using MAC addresses, and substitute a randomly generated address for the real one to prevent long-term tracking.
The team discovered a weakness in this scheme: identifying tokens that exist alongside the MAC addresses. The researchers created an address-carryover algorithm that can “exploit the asynchronous nature of payload and address changes to achieve tracking beyond the address randomization of a device. The algorithm does not require message decryption or breaking Bluetooth security in any way, as it is based entirely on public, unencrypted advertising traffic.”
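The asynchrony described above, as an added example that is not code from the paper or from this article: an address and a payload token seen in the same advertisement are joined, so when one changes while the other stays the same, the old and new addresses land in one group. The addresses, tokens and the name `linkable_groups` are constructed for illustration; the function can be used to check whether a rotation policy changes both values at once.

```python
from collections import namedtuple

# One captured advertising event: time (s), randomized address, payload token.
Adv = namedtuple("Adv", "t addr token")

def linkable_groups(events):
    """Return the sets of addresses a passive observer could tie together.

    Uses union-find: an address and a token that appear in the same
    advertisement belong to one group, so a value that outlives a change
    of the other merges the old and new groups.
    """
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for ev in events:
        a, k = find(("addr", ev.addr)), find(("token", ev.token))
        if a != k:
            parent[k] = a  # join the token's group to the address's group

    groups = {}
    for node in list(parent):
        if node[0] == "addr":
            groups.setdefault(find(node), set()).add(node[1])
    return sorted(sorted(g) for g in groups.values())

# Constructed trace: address and token rotate at different times.
ASYNC = [
    Adv(0,  "4a:00:00:00:00:01", "tokA"),
    Adv(10, "4a:00:00:00:00:01", "tokA"),
    Adv(20, "5b:00:00:00:00:02", "tokA"),  # new address, old token
    Adv(30, "5b:00:00:00:00:02", "tokB"),  # new token, same address
    Adv(40, "6c:00:00:00:00:03", "tokB"),
]
# Constructed trace: address and token always rotate together.
SYNC = [
    Adv(0,  "4a:00:00:00:00:01", "tokA"),
    Adv(10, "4a:00:00:00:00:01", "tokA"),
    Adv(20, "5b:00:00:00:00:02", "tokB"),
    Adv(30, "6c:00:00:00:00:03", "tokC"),
]

if __name__ == "__main__":
    print(linkable_groups(ASYNC))  # one group: rotation is defeated
    print(linkable_groups(SYNC))   # three groups: rotation holds
```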
At the center of this issue is the Bluetooth Low Energy (BLE) specification. Introduced in 2010, it came to the fore with the release of Bluetooth 5. The research team discovered the issue when they began investigating BLE advertising channels and “advertising events” within standard Bluetooth proximities.
“Most computer and smartphone operating systems do implement address randomizations by default as a means to prevent long-term passive tracking, as permanent identifiers are not broadcasted. However, we identified that devices running Windows 10, iOS, or Mac OS regularly transmit advertising events containing custom data structures which enable certain platform-specific interaction with other devices within the BLE range.”
Although this technique works on any Windows, iOS, and macOS system, Android devices are entirely immune. The Android OS doesn’t continually send out advertising messages and instead scans for advertising messages transmitted nearby.
The projection is that the number of Bluetooth devices will grow from 4.2 to 5.2 billion between 2019 and 2022, so this is a significant issue deserving of attention.