Bluetooth is found in almost all modern gadgets, so a newly discovered flaw in the communication protocol should be taken very seriously.
As ZDNet first reported, David Starobinski and Johannes Becker of Boston University outlined in a research paper how smartphones, laptops, and wearables can be tracked through an exploit in Bluetooth technology.
According to the document, there is a flaw in the constantly changing, randomized MAC addresses designed to keep Bluetooth devices safe from tracking. This security mechanism can play into a bad actor's hands, letting them not only track a device but also obtain information about its identity and user activity.
The core of this Bluetooth flaw is that identification tokens and random MAC addresses do not change in synchronization, which allowed the Boston University researchers to use what they call a "transfer algorithm" to continuously track a device using a secondary "pseudo-identity."
"The address transfer utility utilizes the asynchronous character of address and payload change, and uses unchanged identification of tokens in the payload to trace a new incoming random address back to a known device," the paper states. "In that case, the address transfer algorithm neutralizes the target of anonymity in broadcast channels calculated by frequent address selection."
The exploit works on Windows 10, iOS and macOS devices, including iPhones, Surface devices and MacBooks. Android devices advertise their traffic in a completely different way (by scanning for nearby advertisements, with no active, continuous tracking) and are immune to the vulnerability.
The researchers who discovered the Bluetooth flaw listed several rules that could protect affected devices, the main point being to synchronize any changes in tracking information with changes to a device's MAC address. Turning Bluetooth on and off on iOS and macOS devices (sorry Windows users, this doesn't help you) is a temporary solution, but it's up to the manufacturers to create a more permanent one. However, the Bluetooth exploit was first disclosed to Microsoft and Apple in November 2018, suggesting that it is not a high priority for these companies.
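The desynchronized rotation described above, and the synchronized rotation the researchers recommend, can be checked on a capture from a device under test. The following is an added illustration, not code from the paper or from this article; the addresses, token values and function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed capture: (seconds, random address, identifying payload token).
# The AA device rotates address and token at different times; the BB device
# rotates both in the same advertisement.
CAPTURE = [
    (0,    "AA:01", "tok-a1"),
    (0,    "BB:01", "tok-b1"),
    (900,  "AA:02", "tok-a1"),  # address rotated, token carried over
    (900,  "BB:02", "tok-b2"),  # address and token rotated together
    (1200, "AA:02", "tok-a2"),  # token rotated, address carried over
    (1800, "AA:03", "tok-a2"),
    (1800, "BB:03", "tok-b3"),
]

def linkable_groups(capture):
    """Group the addresses that shared identifiers tie to one pseudo-identity."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path compression
            node = parent[node]
        return node

    for _, addr, token in capture:
        # Each advertisement binds its address to its token, so a value that
        # survives a rotation bridges the old identifier and the new one.
        parent[find(("addr", addr))] = find(("tok", token))

    groups = defaultdict(set)
    for kind, value in list(parent):
        if kind == "addr":
            groups[find((kind, value))].add(value)
    return sorted(sorted(group) for group in groups.values())

def rotation_is_unlinkable(capture):
    """True only if no two addresses in the capture can be tied together."""
    return all(len(group) == 1 for group in linkable_groups(capture))

if __name__ == "__main__":
    for group in linkable_groups(CAPTURE):
        print("linkable" if len(group) > 1 else "isolated", group)
```

A device whose addresses all land in single-element groups is rotating its address and payload together; any multi-address group marks a rotation where one identifier outlived the other.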
"Since the Bluetooth adoption is expected to grow from 4.2 to 5.2 billion units between 2019 and 2022, with over half a billion of them portable and other data-focused connected devices, establishing tracking-resistant methods, especially on unencrypted communication channels are crucial," the paper states.
Although no known cases were cited, the researchers warn that if the BLE vulnerability remains unchecked, adversaries could eventually combine purchase transactions, facial recognition, and other sensitive information with tracking data to build a profile of an exposed user.