Tracking: Bluetooth chipset poses major security hole


Apparently, Bluetooth-enabled devices can be located and tracked illegally through a security hole. A research group from the University of California San Diego writes in their paper “Evaluation of physical-layer BLE location tracking attacks on mobile devices” published in spring 2022. close the vulnerability.

Where exactly is the security problem?

“Mobile devices that we carry with us every day, such as smartphones and smartwatches, are increasingly serving as wireless tracking beacons. These devices are constantly in circulation [data] regarding the Bluetooth Low Energy (BLE) protocol,” the paper reads. The Hyge information portal explains the researchers’ findings: a Bluetooth chipset is installed when mobile devices are manufactured. This is often a type of “combo” chip that has both BLE and WiFi components. As a result, Bluetooth transmissions carry the same metrics (carrier frequency offset and IQ imbalance) that are used to uniquely identify Wi-Fi devices, which makes Bluetooth-enabled devices uniquely identifiable as well.

According to the researchers, the success of tracking attacks is “essentially a matter of luck”.

“In order to perform a physical layer fingerprinting attack, the attacker must be equipped with a software-defined radio sniffer: a radio receiver capable of recording raw IQ radio signals,” the paper states, and further: “When assessing the practicality of this attack in real life, particularly in busy environments such as coffee shops, we found that some devices have unique fingerprints and are therefore particularly vulnerable to tracking attacks, while others have a common fingerprint and often.” BLE threat for mobile device location tracking, but an attacker’s ability to track down a specific target is essentially a matter of luck.”

This is because how well device identification works is always influenced by the BLE chipset of the device and the chipsets of the surrounding devices. The device temperature, the difference between the BLE transmission power of iPhone and Android devices, and the quality of the attacker’s sniffer radio also play an important role.

Still no solution to the problem

Bluetooth is not only a security gap in mobile devices such as smartphones; electronic locks can also be attacked via Bluetooth. Security experts have also discovered that Tesla’s popular e-cars can be opened and controlled by strangers via Bluetooth.

Researchers at the University of California San Diego write in their article on smartphones and similar Bluetooth attacks that a simple software update will not solve the problem because it lies in the hardware. They suggest that intentionally changing the temperature of the devices at random intervals makes identification even more difficult. Another option is to change the signal chain of the BLE chipset.
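The following added example (not from the paper or the original article) illustrates why tracking is "a matter of luck" and what the suggested mitigation changes: a device is only identifiable if no nearby device has a similar fingerprint. All fingerprint values, noise levels and the threshold are constructed assumptions, and the mitigation is modelled, as an assumption, as extra spread on the carrier frequency offset only.

```python
import math

# Constructed fingerprints: (carrier frequency offset in kHz, IQ imbalance metric).
# Illustrative values only, not measurements from the paper.
DEVICES = {
    "phone_a": (-12.0, 0.031),
    "phone_b": (-11.6, 0.030),  # close to phone_a: a "common" fingerprint
    "watch_c": (4.5, 0.029),
    "phone_d": (21.0, 0.055),   # far from every neighbour: a "unique" fingerprint
}
CFO_NOISE_KHZ = 0.5   # assumed measurement spread of the receiver
IQ_NOISE = 0.002      # assumed measurement spread of the receiver
THRESHOLD = 3.0       # assumed separation (in noise units) needed to tell devices apart


def separation(a, b, cfo_jitter_khz=0.0):
    """Noise-normalised distance between two fingerprints.

    cfo_jitter_khz models the mitigation (deliberate drift of the
    oscillator) as extra spread on the CFO axis only; that is an assumption.
    """
    cfo_spread = math.hypot(CFO_NOISE_KHZ, cfo_jitter_khz)
    return math.hypot((a[0] - b[0]) / cfo_spread, (a[1] - b[1]) / IQ_NOISE)


def identifiable(devices, cfo_jitter_khz=0.0):
    """Names of devices whose nearest neighbour is further than THRESHOLD."""
    result = set()
    for name, fp in devices.items():
        nearest = min(
            separation(fp, other, cfo_jitter_khz)
            for other_name, other in devices.items()
            if other_name != name
        )
        if nearest > THRESHOLD:
            result.add(name)
    return result


if __name__ == "__main__":
    print("identifiable, no mitigation:", sorted(identifiable(DEVICES)))
    print("identifiable, 10 kHz CFO jitter:", sorted(identifiable(DEVICES, 10.0)))
```

In this constructed set, the jitter hides the device that was separated only by its frequency offset, while the one that also differs in IQ imbalance stays identifiable.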

Editorial office

Image Credit: Farknaught Architect / Shutterstock


