Hardware flaws give Bluetooth chipsets unique fingerprints

Researchers at the University of California San Diego have shown for the first time that Bluetooth signals each have an individual, traceable fingerprint.

In a paper presented at the IEEE Security and Privacy Conference last month, the researchers wrote that Bluetooth signals can also be tracked, given the right tools.

However, there are technological and expertise hurdles that a miscreant would have to clear today to track a person through the Bluetooth signals in their devices, they wrote.

“By their nature, BLE [Bluetooth Low Energy] wireless tracking beacons can pose significant privacy risks,” the researchers wrote. “For example, an adversary may stalk a user by placing BLE receivers near locations they might visit and then detecting the presence of the user’s beacons.”

The researchers — from the school’s departments of Computer Science and Engineering and Electrical and Computer Engineering — pointed to the applications governments have added to Apple iOS and Android devices used during the COVID-19 pandemic that emit constant Bluetooth signals – or beacons – for tracing contacts.

Other examples include the BLE beaconing that Microsoft and Apple have added to their operating systems for functions such as tracking lost devices, connecting smartphones to wireless devices such as wireless earphones or speakers, and enabling users to seamlessly switch between devices.

“Therefore, BLE beacons are now common on many mobile platforms, including: phones, laptops and smartwatches,” they wrote.

According to the paper, these devices are constantly transmitting signals at a rate of about 500 beacon signals per minute. To address security and privacy issues, many BLE proximity applications use measures such as cryptographically anonymizing and periodically rotating a mobile device’s identity in their beacons. They routinely re-encrypt the device’s MAC address, while the COVID-19 contact tracing applications rotate identifiers so that recipients cannot link beacons from the same device.

That said, a person could get past these barriers by fingerprinting the device on a lower layer, the researchers said. Previous studies have shown that wireless transmitters, such as in Wi-Fi, inadvertently have minor imperfections introduced during production that are unique to each device.

The UC San Diego scientists found that similar imperfections in Bluetooth transmitters create distortions that can be used to create a similar unique fingerprint. The fingerprints can be used to track devices and thus their users.

That said, it’s not an easy process.

An attacker would first have to isolate the target to capture the fingerprint in the wireless transmissions and find the unique physical layer characteristics of the device’s Bluetooth transmitter. After that, they would need to place a receiver in a location where the device could be and let it passively snoop for the target’s Bluetooth transmissions.

“They will know when the target device is near the receiver when it captures one or more packets that match the target’s physical layer fingerprint,” the researchers wrote.

“The more times the BLE device transmits, the more likely the attacker is to receive a transmission when a user passes by. In addition, the more accurate the fingerprinting technique is, the better the attacker can distinguish the target from other nearby devices.”

To do all this, the attacker needs a radio receiver that can pick up raw radio signals. The researchers cautioned that a hobby device in the $150 price range could do the job.

In addition, the researchers had to create an algorithm for the work. Wi-Fi signals include a long, well-known sequence called the “preamble”, but the preamble in Bluetooth signals is very short.

The algorithm skips the Bluetooth preamble and instead estimates two different values across the whole signal. This is where the defects can be found and the unique fingerprint identified.

The researchers developed a fingerprint toolkit and associated methodology that they used to assess how many mobile devices could be identified in public areas such as coffee shops and public hallways. One test found that 40 percent of the 162 detected devices were identifiable through their unique fingerprints; in another experiment, 47 percent of the 647 mobile devices could be identified.

In another test, they followed a volunteer who had an iPhone as they walked in and out of their house for an hour. By simulating an attack, they were able to track the person for most of that time.

However, anyone trying to track a person through their mobile device’s Bluetooth signals will face challenges. Bluetooth devices use different chipsets with different hardware implementations, and some devices transmit Bluetooth at lower power than others. In addition, temperature can affect the Bluetooth fingerprint. The researchers also noted that an attacker would need a certain level of technological expertise to pull this off.

Devices “may be similar to other devices of the same make and model. Or they may not even have certain identifying characteristics if they were developed with low-power radio architectures,” they wrote.

“By evaluating the usability of this attack in the field, particularly in crowded environments such as coffee shops, we found that certain devices have unique fingerprints and are therefore particularly vulnerable to tracking attacks. Others share fingerprints – they will often be misidentified.”

As a result, mobile devices can be tracked via their Bluetooth signals, and the equipment required is not overly expensive. “However, an attacker’s ability to track a particular target is essentially a matter of luck,” the researchers wrote.
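The two points above, that rotating identifiers do not hide a constant hardware fingerprint and that devices with near-identical fingerprints get confused with each other, can be seen in a small model. This is an added example, not code from the paper or the researchers' toolkit: the device names, keys, two-value fingerprints, tolerance and the HMAC-based rotation are all constructed assumptions, and no radio processing is involved.

```python
import hashlib
import hmac
import math

def rotating_id(key: bytes, epoch: int) -> str:
    """Stand-in for identifier rotation: a fresh 48-bit identifier per epoch.
    HMAC-SHA256 is an assumption here, not the function BLE itself uses."""
    return hmac.new(key, epoch.to_bytes(4, "big"), hashlib.sha256).hexdigest()[:12]

# Constructed devices: a secret key plus a fixed, unitless two-value fingerprint.
DEVICES = {
    "phone_a":  (b"key-a", (0.10, 0.80)),
    "phone_b":  (b"key-b", (0.55, 0.20)),
    "watch_c":  (b"key-c", (0.56, 0.21)),  # near-identical hardware to phone_b
    "laptop_d": (b"key-d", (0.90, 0.45)),
}

def beacon(name, epoch, noise=(0.0, 0.0)):
    """What a passive receiver observes: rotating identifier + noisy fingerprint."""
    key, (v1, v2) = DEVICES[name]
    return {"id": rotating_id(key, epoch), "fp": (v1 + noise[0], v2 + noise[1])}

def same_transmitter(b1, b2, tol=0.03):
    """Physical-layer linkage: beacons match when fingerprints are within tol."""
    return math.dist(b1["fp"], b2["fp"]) <= tol

def uniquely_identifiable(tol=0.03):
    """Devices whose fingerprint has no other device's fingerprint within tol."""
    return sorted(
        name for name, (_, fp) in DEVICES.items()
        if all(math.dist(fp, other) > tol
               for n, (_, other) in DEVICES.items() if n != name)
    )

if __name__ == "__main__":
    b1 = beacon("phone_a", 1, (0.005, -0.004))
    b2 = beacon("phone_a", 2, (-0.003, 0.006))
    print("identifiers differ:", b1["id"] != b2["id"])
    print("still linkable by fingerprint:", same_transmitter(b1, b2))
    print("uniquely identifiable:", uniquely_identifiable())
```

In this model only two of the four devices are distinguishable, which is the same effect the field tests measured: identifier rotation protects the identifier layer only, and how exposed a given device is depends on how distinctive its hardware happens to be.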
