Researchers at the University of California, San Diego, have developed a firmware update designed to hide a smartphone's unique Bluetooth physical-layer fingerprint. They said the change could close the gap that allows a device to be tracked through its Bluetooth signal even when its address is randomized.
New Firmware Update Hides Bluetooth Fingerprint
Aaron Schulman, a senior author of the paper and a faculty member in the UC San Diego Department of Computer Science and Engineering, noted that even under the assumption of the most severe type of attack, such as one by a nation-state, the attackers were unable to bypass the update.
Bluetooth beacons, transmitted by mobile devices such as phones, serve various functions, including Apple's "Find My" service and COVID-19 tracing apps.
These beacons are sent at a rate of about 500 per minute and are what let a smartphone discover and connect to other devices, such as wireless earphones. Current practice is to randomize a device's MAC address periodically, so that beacons cannot be linked to the device by address alone.
However, according to the researchers, MAC randomization does nothing about the physical-layer fingerprint that arises from slight imperfections in each device's radio hardware, which stays constant across address changes.
Each wireless device has minor manufacturing imperfections that lead to unique distortions in the Bluetooth signals they emit. These imperfections create a distinct fingerprint for each device.
Similar to Wearing Contact Lenses
The researchers have developed a method that employs multiple layers of randomization, similar to using several layers of contact lenses to obscure a person's eye color and switching these layers randomly and repeatedly.
This makes it challenging to determine a device's true fingerprint. The researchers deployed a prototype of this new defense on the Texas Instruments CC2640 chipset, which is utilized in various smart devices.
They examined how different parameters influence the success of tracking and fingerprinting a device in real-world scenarios. Their tests indicated that an adversary would need to observe a device for over 10 days to achieve the same level of tracking accuracy that could be attained within a minute without the firmware update.
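The following toy simulation is an added example, written for this page and not code from the UCSD paper or the article. It models the fingerprint as two per-device hardware constants, a carrier frequency offset and an I/Q DC offset, which is an assumption rather than the paper's feature set, and it shows three things: a tracker that ignores the randomized MAC can still re-identify devices by nearest fingerprint; a single per-beacon randomization layer ("jitter") is defeated by averaging the beacons sent under one MAC; and adding a second layer that is redrawn whenever the MAC changes ("layered") keeps the attacker near random guessing no matter how many beacons per MAC are averaged. Both defense designs, the noise levels and the device population are hypothetical values chosen for illustration.

```python
"""Toy simulation, added by the editor; not code from the UCSD paper or the article.

Model (assumed, not from the article): a device's physical-layer fingerprint is
two hardware constants, a carrier frequency offset (CFO, ppm) and an I/Q DC
offset. The tracker ignores the randomized MAC and links beacons by nearest
fingerprint. "jitter" is a single randomization layer applied per beacon;
"layered" adds a second layer that is redrawn whenever the MAC changes. Both
are hypothetical designs used to illustrate the article's point.
"""
import random

NUM_DEVICES = 20
# Population spread per axis; both axes are normalized by these for distances.
CFO_SCALE, IQ_SCALE = 10.0, 0.05
NOISE = 0.05        # receiver measurement noise, in units of population spread
JITTER_RANGE = 2.0  # per-beacon randomization, +/- this many spreads
SLOW_RANGE = 3.0    # per-MAC-lifetime randomization, +/- this many spreads


def make_devices(rng, n):
    """Fixed manufacturing imperfections per device (assumed distribution)."""
    return [{"id": i, "cfo": rng.gauss(0, CFO_SCALE), "iq": rng.gauss(0, IQ_SCALE)}
            for i in range(n)]


def beacon_burst(rng, dev, count, defense):
    """All beacons sent under one random MAC. Returns (mac, cfo, iq, true_id)."""
    mac = rng.getrandbits(48)
    slow = (0.0, 0.0)
    if defense == "layered":
        slow = (rng.uniform(-SLOW_RANGE, SLOW_RANGE),
                rng.uniform(-SLOW_RANGE, SLOW_RANGE))
    out = []
    for _ in range(count):
        cfo_n = dev["cfo"] / CFO_SCALE + slow[0]
        iq_n = dev["iq"] / IQ_SCALE + slow[1]
        if defense in ("jitter", "layered"):
            cfo_n += rng.uniform(-JITTER_RANGE, JITTER_RANGE)
            iq_n += rng.uniform(-JITTER_RANGE, JITTER_RANGE)
        cfo_n += rng.gauss(0, NOISE)   # what the tracker's receiver adds
        iq_n += rng.gauss(0, NOISE)
        out.append((mac, cfo_n * CFO_SCALE, iq_n * IQ_SCALE, dev["id"]))
    return out


def fingerprint(beacons):
    """Tracker's estimate for one MAC: average of the measured impairments."""
    n = len(beacons)
    return (sum(b[1] for b in beacons) / n / CFO_SCALE,
            sum(b[2] for b in beacons) / n / IQ_SCALE)


def link_accuracy(defense="none", burst_len=1, bursts=20, seed=1):
    """Enrol each device from one MAC lifetime, then re-identify later
    lifetimes by nearest enrolled fingerprint. Returns the fraction linked
    correctly; 1/NUM_DEVICES is what random guessing would score."""
    rng = random.Random(seed)
    devices = make_devices(rng, NUM_DEVICES)
    enrolled = {d["id"]: fingerprint(beacon_burst(rng, d, burst_len, defense))
                for d in devices}
    hits = total = 0
    for d in devices:
        for _ in range(bursts):
            fp = fingerprint(beacon_burst(rng, d, burst_len, defense))
            guess = min(enrolled, key=lambda i: (fp[0] - enrolled[i][0]) ** 2
                                                + (fp[1] - enrolled[i][1]) ** 2)
            hits += guess == d["id"]
            total += 1
    return hits / total


if __name__ == "__main__":
    for defense in ("none", "jitter", "layered"):
        for burst_len in (1, 200):
            acc = link_accuracy(defense, burst_len)
            print(f"{defense:8s} beacons/MAC={burst_len:4d} linked={acc:.2f}")
```

Running the script prints one row per defense and per number of beacons averaged under a single MAC. The row to compare against the article's "10 days versus one minute" claim is the jitter-only case: averaging 200 beacons removes the per-beacon layer and restores most of the tracker's accuracy, whereas with the second, per-MAC layer the attacker cannot average across address changes without already having solved the linking problem, so accuracy stays near 1/20.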
Dinesh Bharadia, a senior author of the paper and a faculty member in the UC San Diego Department of Electrical and Computer Engineering, noted that the new method renders the fingerprints ineffective for attackers, making it almost as difficult for them to identify a device as making a random guess.
Bharadia added that the phone's fingerprint remains untraceable even if the attacker is nearby because the MAC and PHY identities constantly change. The research team seeks industry partners to incorporate this technology into their chipsets.
Hadi Givehchian, the paper's first author and a Ph.D. student in the UC San Diego Department of Computer Science and Engineering, said this defense could be gradually implemented with a software modification on a widely used Bluetooth Low Energy chipset.
However, broad deployment of this defense would require collaboration with Bluetooth chip manufacturers. Furthermore, the researchers believe that their method could also effectively obscure WiFi fingerprints, potentially extending the security benefits beyond Bluetooth-enabled devices.
The research team presented their findings at the IEEE Symposium on Security and Privacy.