Boffins at the University of California San Diego have found a way to track individuals via Bluetooth.
Researchers discovered that the Bluetooth signals emitted by mobile phones carry a unique fingerprint, caused by small imperfections accidentally created during the manufacturing process.
The results of their real-world experiment around the UC San Diego campus are impressive:
“The researchers evaluated their tracking method through several real-world experiments. In the first experiment, they found 40% of 162 mobile devices seen in public areas, for example coffee shops, were uniquely identifiable. Next, they scaled up the experiment and observed 647 mobile devices in a public hallway across two days. The team found that 47% of these devices had unique fingerprints. Finally, the researchers demonstrated an actual tracking attack by fingerprinting and following a mobile device owned by a study volunteer as they walked in and out of their house.”
It’s far from plain-sailing to track someone, however, as a number of factors – including changes in the ambient temperature – can alter the Bluetooth fingerint.
The researchers conclude that Bluetooth hardware would need to be redesigned and replaced to properly rectify the problem. It’s hard to imagine that happening anytime soon. But they also say that it may be possible to hide the tell-tale fingerprints by processing the digital Bluetooth signal in the firmware.
More details of the research can be found in the technical paper presented by the researchers.
Clever stuff.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
