A simple firmware update completely hides the device’s Bluetooth fingerprint

Researchers have developed a firmware update that hides a device’s Bluetooth fingerprint. Source: University of California – San Diego

A smartphone’s unique Bluetooth fingerprint could be used to track the device’s user — until now. A team of researchers has developed a simple firmware update that can completely hide the Bluetooth fingerprint, eliminating this vulnerability.

The method was developed by a research team at the University of California San Diego. The team described the vulnerability caused by Bluetooth fingerprints in a paper they presented at the 2022 IEEE Security and Privacy conference. They released the fix for this vulnerability two years later, at the 2024 IEEE Security and Privacy conference. The math behind the update is complex, but its implementation is not.

“We assumed that the most powerful possible attack would be carried out by a nation-state-type attacker who knew what algorithm we were using. And yet they failed,” said Aaron Schulman, one of the paper’s senior authors and a faculty member in the Department of Computer Science and Engineering at UC San Diego.

Mobile devices like phones, smartwatches, and fitness trackers constantly transmit signals known as Bluetooth beacons at a rate of about 500 beacons per minute. These beacons enable features like Apple’s “Find My” (a tracking service for finding a lost device) and COVID-19 tracking apps, and they connect smartphones to other devices like wireless headphones.

The current approach smartphone companies have taken to make it harder to track devices via Bluetooth signals is to randomly change the phone’s ID, its MAC address, but this doesn’t address the physical layer fingerprints that exist in each device’s transmissions due to unique hardware flaws.

All wireless devices have small manufacturing defects in the hardware used to emit these signals that are unique to each device. These fingerprints are an accidental byproduct of the manufacturing process. These defects in the Bluetooth hardware cause unique distortions that can be used as a fingerprint to track a specific device.

The method the researchers developed uses several layers of randomization. The nature of the method is complex, but it is similar to using several layers of contact lenses to mask a person’s original eye color and changing those layers repeatedly and randomly. This method makes it difficult to infer a person’s true eye color, regardless of what the original color actually was.

UC San Diego researchers implemented a prototype of this new defense on the Texas Instruments CC2640 chipset, which is currently used in many smart devices such as fitness trackers, tags, and lighting systems. They analyzed the impact of different parameters that affect the success of attacks to track and fingerprint a device in practical scenarios. The results of their tests show that an attacker would need to observe the device continuously for more than 10 days to reach the level of tracking accuracy that they can achieve in a minute without the firmware update.

“This means that fingerprints are no longer useful for an attacker to deduce the identity of the device, and at best the attacker cannot do better than a random guess,” said Dinesh Bharadia, a professor in the Department of Electrical and Computer Engineering at UC San Diego and senior author of the paper.

“You can’t track your fingerprint even if you’re sitting right next to the phone because both the MAC and PHY identities are constantly changing,” he added.

The researchers are now looking for industry partners who can integrate this technology into chipsets.

“This defense can be implemented incrementally and only requires a software change in at least one widely used Bluetooth Low Energy chipset,” says Hadi Givehchian, first author of the paper and a doctoral student in the Department of Computer Science and Engineering at UC San Diego. “But to implement this defense widely, we need to partner with Bluetooth chip manufacturers.”

The team also believes that this method will work to hide WiFi fingerprints.

More information:
Givehchian et al., Evaluating Physical Layer BLE Location Tracking Attacks on Mobile Devices. IEEE Security and Privacy Symposium (2022). DOI: 10.1109/SP46214.2022.00030

Provided by University of California – San Diego

Citation: A simple firmware update completely hides a device’s Bluetooth fingerprint (2024, July 10) Retrieved July 10, 2024 from
