Summary: Researchers have developed a firmware update that hides a smartphone’s physical-layer Bluetooth fingerprint, closing a tracking vector that MAC address randomization alone does not address.
Threat Actor: N/A
Victim: N/A
Key Points:
- A team of researchers at the University of California San Diego has developed a firmware update to hide a smartphone’s Bluetooth fingerprint.
- The same team demonstrated the fingerprinting attack itself, which exploits hardware imperfections in each device’s Bluetooth transmitter, at the 2022 IEEE Security & Privacy conference.
- The fix to this vulnerability was presented two years later at the 2024 IEEE Security & Privacy conference.
- The implementation of the firmware update is relatively simple, despite the complexity of the math behind it.
- The defense was evaluated against the strongest adversary the researchers considered: a nation-state-level attacker who knows which obfuscation algorithm the device is using.
A smartphone’s unique Bluetooth fingerprint could be used to track the device’s user, until now. A team of researchers has developed a simple firmware update that can completely hide the Bluetooth fingerprint, eliminating the vulnerability.
Bluetooth signals from mobile devices pose privacy risks
The method was developed by a team of researchers at the University of California San Diego. The team first demonstrated the fingerprinting attack in a study presented at the 2022 IEEE Security & Privacy conference, and presented the fix two years later at the 2024 edition of the same conference. The math behind the update is complex, but the implementation is not.
“We assumed the strongest possible attack, a nation-state type of attacker that would know which algorithm we are using. They still failed,” said Aaron Schulman, one of the paper’s senior authors and a faculty member in the UC San Diego Department of Computer Science and Engineering.
Mobile devices, including phones, smartwatches, and fitness trackers, constantly transmit signals known as Bluetooth beacons, at a rate of roughly 500 beacons per minute. These beacons enable features like Apple’s Find My, a tracking service for locating a lost device, and COVID-19 contact-tracing apps. They also connect smartphones to other devices, such as wireless earphones.
The current approach smartphone companies take to make devices hard to track by their Bluetooth signals is to randomly change the phone’s identity and its MAC address. However, that only randomizes the link-layer identity; it does nothing about the physical-layer fingerprint that hardware imperfections imprint on each device’s transmissions.
All wireless devices carry small, device-unique manufacturing imperfections in the radio hardware that emits these beacons. The imperfections are an accidental byproduct of the manufacturing process, but they distort the transmitted signal in a consistent way, and that distortion can serve as a fingerprint for tracking a specific device.
Researchers develop multi-layered randomization method
The method the researchers developed uses several layers of randomization. The nature of the method is complex, but it’s a bit like using several layers of contact lenses to mask a person’s original eye color, and switching those layers repeatedly and randomly. This would make it difficult to infer the person’s true eye color, regardless of what the original color actually was.
The UC San Diego researchers implemented a prototype of this new defense on the Texas Instruments CC2640 chipset, which is currently used in a number of smart devices such as fitness trackers, tags and lighting systems. They analyzed how different parameters affect the success of fingerprinting and tracking attacks in practical scenarios. Their tests show that an adversary would have to observe a device continuously for more than 10 days to reach the tracking accuracy it could reach within a minute against a device without the firmware update.
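The two mechanisms the article contrasts, a physical-layer fingerprint that survives MAC randomization and a per-beacon randomization that blurs it, as a constructed toy simulation. This is not the UC San Diego researchers’ firmware or their exact algorithm (the article describes that only by analogy); it models a single fingerprint feature, carrier frequency offset (CFO), two made-up devices, a nearest-fingerprint attacker, and one obfuscation layer: a fresh random carrier offset on every beacon, kept inside the ±150 kHz carrier tolerance the Bluetooth Core Specification allows. The sample rate, noise level, device offsets, beacon counts and device names are all assumptions.

```python
"""Toy model of BLE physical-layer fingerprinting and per-beacon randomization.

Constructed example, not the UC San Diego code. Each device has a fixed
carrier-frequency offset (CFO) baked into its radio. The attacker estimates
the CFO of every beacon it hears and ignores the (randomized) MAC address.
"""
import cmath
import math
import random

FS = 1_000_000            # sample rate in Hz (assumption: BLE 1M PHY rate)
N_SAMPLES = 64            # preamble samples captured per beacon (assumption)
NOISE_STD = 0.03          # receiver noise per I/Q component (assumption)
MAX_RANDOM_CFO = 100_000  # defensive offset range in Hz (assumption; stays
                          # inside the +/-150 kHz the Core Spec tolerates)

# Two constructed devices with distinct hardware CFOs (Hz).
DEVICES = {"tracker_A": 8_000.0, "tracker_B": 23_000.0}


def make_beacon(hw_cfo_hz, rng, extra_cfo_hz=0.0):
    """Emit one beacon as (random MAC, I/Q samples).

    The MAC is re-randomized on every beacon, as phones already do. The
    samples are a unit tone rotated by the hardware CFO plus whatever
    deliberate per-beacon offset the firmware adds, with Gaussian noise.
    """
    mac = ":".join(f"{rng.randrange(256):02x}" for _ in range(6))
    step = cmath.exp(2j * math.pi * (hw_cfo_hz + extra_cfo_hz) / FS)
    phasor = 1 + 0j
    samples = []
    for _ in range(N_SAMPLES):
        noise = complex(rng.gauss(0, NOISE_STD), rng.gauss(0, NOISE_STD))
        samples.append(phasor + noise)
        phasor *= step
    return mac, samples


def estimate_cfo(samples):
    """Attacker's CFO estimator: mean phase advance between adjacent samples."""
    acc = sum(b * a.conjugate() for a, b in zip(samples, samples[1:]))
    return cmath.phase(acc) * FS / (2 * math.pi)


def firmware_offset(rng, defended):
    """Per-beacon carrier offset the firmware adds (zero when undefended)."""
    return rng.uniform(-MAX_RANDOM_CFO, MAX_RANDOM_CFO) if defended else 0.0


def run_experiment(defended, seed=1, n_train=200, n_test=200):
    """Enrol each device from n_train beacons, then classify n_test beacons
    per device by nearest enrolled CFO. Returns attacker accuracy in [0, 1]."""
    rng = random.Random(seed)

    # Enrolment: the attacker averages the CFO of beacons it knows came from
    # each device (e.g. observed while the device was in a known location).
    fingerprints = {}
    for name, hw_cfo in DEVICES.items():
        ests = [estimate_cfo(make_beacon(hw_cfo, rng, firmware_offset(rng, defended))[1])
                for _ in range(n_train)]
        fingerprints[name] = sum(ests) / len(ests)

    # Tracking: the MAC is fresh on every beacon, so the attacker classifies
    # on the physical-layer estimate alone and discards the MAC.
    correct = total = 0
    for name, hw_cfo in DEVICES.items():
        for _ in range(n_test):
            _mac, samples = make_beacon(hw_cfo, rng, firmware_offset(rng, defended))
            cfo = estimate_cfo(samples)
            guess = min(fingerprints, key=lambda d: abs(fingerprints[d] - cfo))
            correct += guess == name
            total += 1
    return correct / total


if __name__ == "__main__":
    print(f"undefended attacker accuracy: {run_experiment(defended=False):.3f}")
    print(f"defended attacker accuracy:   {run_experiment(defended=True):.3f}")
```

Run as-is, the undefended attacker identifies essentially every beacon correctly despite the per-beacon MAC change, while the defended case lands near 0.54: with a uniform ±100 kHz offset on every beacon and devices only 15 kHz apart, no decision threshold can do better than about 0.5 + 15/(2·200), so averaging more beacons (the attacker here even knows the offsets are zero-mean) does not help. The real defense randomizes several physical-layer features with multiple layers rather than this single one.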
“This means that the fingerprints are no longer useful for the attacker to infer the identity of the device and the optimal attacker can barely do better than a random guess,” said Professor Dinesh Bharadia, one of the paper’s senior authors and a faculty member in the UC San Diego Department of Electrical and Computer Engineering.
“You can’t track the phone’s fingerprint even if you’re sitting right next to it, because both MAC and PHY identities keep changing,” he added.
Researchers are now looking for industry partners that can build this technology into their chipsets.
“This defense can be rolled out incrementally, requiring only software modification on at least one widely-used Bluetooth Low Energy chipset,” said Hadi Givehchian, the paper’s first author and a Ph.D. student in the UC San Diego Department of Computer Science and Engineering. “But in order to deploy this defense widely, we need to partner with Bluetooth chip manufacturers.”
The team also believes that the method would work to obfuscate Wi-Fi fingerprints.
Source: https://www.helpnetsecurity.com/2024/07/16/firmware-hide-bluetooth-fingerprint