New Bluetooth vulnerability could break privacy

Sheila Zabeu -

November 25, 2022

Portable devices that use Bluetooth are vulnerable to a flaw that allows an attacker to track the user’s location. The finding comes from a new study led by Yue Zhang, lead author and a postdoctoral researcher in computer science and engineering at Ohio University, which evaluated flaws in Bluetooth Low Energy (BLE), the variant of the protocol that consumes less energy than the classic version.

The research was recently presented at the ACM Conference on Computer and Communications Security (ACM CCS 2022) and received an honourable mention for “best paper” at the meeting.

The study explains that Bluetooth devices are identified by MAC addresses, 48-bit identifiers that uniquely identify them on a network (BLE can periodically randomise these addresses precisely to make tracking harder). Roughly once every 20 milliseconds, a BLE device broadcasts an advertising packet carrying its MAC address to nearby devices it could connect to. The flaw lets an attacker observe how devices react to this traffic, and collect and analyse the responses to breach the user’s privacy.

The captured MAC address can then be used in a replay attack: by re-sending it, the attacker can check for the device and so monitor the user’s behaviour, learning where they have been or where they are in real time.
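To make the tracking surface concrete, the following is an added example (not code from the study or from this article): it parses BLE link-layer advertising PDUs, classifies the advertiser address by the Core Specification’s address sub-types, and shows how a passive observer links every sighting of a fixed (public or random static) address into a location trail. The packets, places and timestamps are constructed for the demo; the replay side channel itself is not implemented here.

```python
"""Added example (not from the study or the article): parse BLE advertising
PDUs, classify the advertiser address, and build location trails from
sightings. All packets below are constructed for the demo."""
from collections import defaultdict
from dataclasses import dataclass

# Advertising PDU types, Bluetooth Core Spec Vol 6, Part B, Sec 2.3
PDU_TYPES = {0x0: "ADV_IND", 0x1: "ADV_DIRECT_IND",
             0x2: "ADV_NONCONN_IND", 0x6: "ADV_SCAN_IND"}
TXADD_BIT = 0x40   # header bit 6: 0 = public AdvA, 1 = random AdvA


@dataclass
class Advertisement:
    pdu_type: str
    address: str        # colon-separated, most significant byte first
    address_kind: str   # public / random static / resolvable private / non-resolvable private
    adv_data: bytes


def classify_address(addr_msb_first: bytes, tx_add: bool) -> str:
    """Sub-type of a random AdvA from its two most significant bits (Core Spec Vol 6, Part B, Sec 1.3)."""
    if not tx_add:
        return "public"
    top_bits = addr_msb_first[0] >> 6
    return {0b11: "random static", 0b01: "resolvable private",
            0b00: "non-resolvable private"}.get(top_bits, "reserved")


def parse_adv_pdu(raw: bytes) -> Advertisement:
    """Parse a link-layer advertising PDU (2-byte header + payload; access address and CRC stripped)."""
    if len(raw) < 8:
        raise ValueError("PDU too short to carry a header and AdvA")
    header, length = raw[0], raw[1]
    payload = raw[2:2 + length]
    if len(payload) != length or length < 6:
        raise ValueError("length field does not match payload")
    pdu_type = PDU_TYPES.get(header & 0x0F, f"type_{header & 0x0F:#x}")
    tx_add = (header & TXADD_BIT) != 0
    addr = payload[:6][::-1]          # AdvA is transmitted least significant byte first
    return Advertisement(pdu_type, ":".join(f"{b:02X}" for b in addr),
                         classify_address(addr, tx_add), payload[6:])


def build_adv_pdu(pdu_type: int, address: str, adv_data: bytes, random_addr: bool) -> bytes:
    """Construct a PDU for the demo (inverse of parse_adv_pdu)."""
    addr = bytes.fromhex(address.replace(":", ""))[::-1]
    header = (pdu_type & 0x0F) | (TXADD_BIT if random_addr else 0)
    payload = addr + adv_data
    return bytes([header, len(payload)]) + payload


def location_trails(sightings):
    """Group sightings of (timestamp, place, raw_pdu) by advertiser address.

    A fixed address links every sighting to one device, so the observer gets a
    movement trail for free. Resolvable private addresses rotate, so by address
    alone each rotation looks like a new device; the flaw in the article is
    about defeating that protection, which this demo does not attempt."""
    seen = defaultdict(list)
    kinds = {}
    for ts, place, raw in sightings:
        adv = parse_adv_pdu(raw)
        seen[adv.address].append((ts, place))
        kinds[adv.address] = adv.address_kind
    return {addr: {"kind": kinds[addr], "trail": [p for _, p in sorted(hits)]}
            for addr, hits in seen.items()}


FLAGS = bytes([0x02, 0x01, 0x06])        # AD structure: Flags, LE General Discoverable
NAME = bytes([0x04, 0x09]) + b"tag"      # AD structure: Complete Local Name "tag"

# Constructed packets: a public address, a random static address, and two
# rotations of a resolvable private address (top bits 01) from one device.
PKT_PUBLIC = build_adv_pdu(0x0, "00:11:22:33:44:55", FLAGS + NAME, random_addr=False)
PKT_STATIC = build_adv_pdu(0x2, "C1:23:45:67:89:AB", FLAGS, random_addr=True)
PKT_RPA_1 = build_adv_pdu(0x0, "4A:00:00:00:00:01", FLAGS, random_addr=True)
PKT_RPA_2 = build_adv_pdu(0x0, "5B:00:00:00:00:02", FLAGS, random_addr=True)

# Constructed sightings: (seconds, place, packet) as a passive sniffer might log them.
SIGHTINGS = [
    (0, "lobby", PKT_PUBLIC), (0, "lobby", PKT_RPA_1),
    (600, "cafe", PKT_PUBLIC), (600, "cafe", PKT_STATIC),
    (1200, "gym", PKT_PUBLIC), (1200, "gym", PKT_RPA_2),
]

if __name__ == "__main__":
    for addr, info in location_trails(SIGHTINGS).items():
        print(f"{addr} ({info['kind']}): {' -> '.join(info['trail'])}")
```

Running it shows the public and random static addresses yielding a trail across every place they were heard, while the two RPA rotations appear as unrelated one-off devices; that gap is exactly what address randomisation is meant to create, and what an attack that can confirm a device’s identity from a previously captured address takes away.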

In total, more than 50 Bluetooth devices available on the market were tested, as well as four BLE development boards. The researchers say the flaw has already been reported to key members of the Bluetooth ecosystem, including the Bluetooth Special Interest Group (SIG, the organisation that oversees the development of Bluetooth standards) and hardware and operating-system vendors. The Ohio University website notes that Google classified the discovery as a high-severity design flaw and paid the researchers a bounty for reporting it. To complement the study, Zhang also proposed a countermeasure.

BLE and location services

The Bluetooth Low Energy (BLE) standard is designed for low power consumption. Bluetooth Classic favours throughput (up to 3 Mb/s over a range of up to about 50 metres) over energy efficiency; BLE emerged as an alternative that extends battery life at the expense of lower data rates, from 125 kb/s to 2 Mb/s.

According to the Bluetooth SIG, although initially known for its communication capabilities, BLE is also widely used as a device-positioning technology to meet growing demand for high-precision location services. BLE has features that let a device determine another device’s presence, distance and direction.

Indoor location solutions are also used for asset tracking, built from three components: tags, beacons and gateways. Tags are attached to the asset being tracked and emit BLE signals. Beacons receive those signals. Gateways communicate with the beacons and relay the collected data for analysis.

BLE is one of the most widely applicable low-power connectivity standards. One factor behind the technology’s rapid growth is the explosion of IoT devices, which need a familiar and energy-efficient means of communication: IoT devices generally require compact dimensions and long battery life, both of which BLE supports.

In November, the Bluetooth Special Interest Group (SIG) announced a new specification development project to define the operation of BLE in additional unlicensed spectrum bands, including the 6 GHz band. According to the SIG, allocating additional spectrum for unlicensed use is vital if wireless technologies are to keep meeting growing connectivity demands. Bluetooth has so far used the 2.4 GHz band; operating at higher frequencies allows higher data rates and less interference from the many other signals that share 2.4 GHz.