[HN Gopher] Bluetooth signals can be used to identify and track ...
___________________________________________________________________
Bluetooth signals can be used to identify and track smartphones
Author : giuliomagnifico
Score : 58 points
Date : 2022-06-09 17:16 UTC (5 hours ago)
(HTM) web link (ucsdnews.ucsd.edu)
(TXT) w3m dump (ucsdnews.ucsd.edu)
| sieabah wrote:
| Was this not apparent when every manufacturer was working on
| Covid tracking in the open? Were people really not aware of the
| technologies being employed? That technology now exists on every
| phone that has had any semblance of an update in the past two
| years. There is no privacy, you have always been and will always
| be completely trackable.
|
| You can even use ultrasonic sound signatures so your phone
| doesn't even need to be broadcasting using bluetooth, wifi, or
| cell. Just the speaker alone at a pitch you cannot hear is enough
| to track you.
|
| Edit: I enjoy how this gets downvoted for pointing out that
| technology has downsides...
| cvccvroomvroom wrote:
| This is generally old news.
|
| Philz Coffee in Palo Alto, CA and major department stores in the
| US have been doing this for years to track foot traffic. If you
| don't want to be tracked, turn off BT and Wifi and demand the
| protocol stds body and mfgrs support even stronger randomized hw
| addresses.
| pcdoodle wrote:
| If you're on iPhone, you're still beaconing if you turn it off
| in the swipe down control center, the only way around this is
| to go into Settings and turn it off there.
|
| Also of interest, your iOS BLE "Random" MAC transmits every few
| seconds and can take up to 48 hours to change. I wrote some
| software for the Pi that would allow me to enroll a phone when
| someone was nearby (By RSSI) and then with a directional
| antenna later in the day, you could confirm presence in a house
| / building.
|
| You can also infer presence of anyone in a house because of
| this. Oh hey, 2 iPhones in the ex-girlfriend's apartment, wonder
| what's going on in there...
|
| Yeah creepy.
| kube-system wrote:
| > It's the first time researchers have demonstrated it's feasible
| to track individuals using Bluetooth
|
| wat.jpg
|
| Google scholar has papers going back at least 18 years on this.
| causi wrote:
| Couldn't you do this anyway with the device's BD_ADDR, or is that
| not included in beacons?
| lxgr wrote:
| For BLE, there is address privacy; for classic Bluetooth, I
| believe that devices do not broadcast their own address except
| when explicitly discoverable (for pairing).
| dmitrygr wrote:
| Not since private resolvable addresses in BLE and nobody using
| classic anymore (except for car kits / audio where phone will
| wait to be connected to)
| lxgr wrote:
| > "As far as we know, the only thing that definitely stops
| Bluetooth beacons is turning off your phone," Bhaskar said.
|
| At least for recent Apple devices, that's not true anymore
| (intentionally, as it is used to support "Find my iPhone" even
| with a dead battery or on a phone that's been switched off):
|
| https://arxiv.org/abs/2205.06114
| lancesells wrote:
| That's a setting you can turn off in iOS
| neuralRiot wrote:
| Faraday bags
| cvccvroomvroom wrote:
| No need. There's a real off mode.
| gnicholas wrote:
| FWIW, this capability can be disabled when you power
| down the device. Not sure if you can make it a persistent
| preference or if you have to do it every time, though.
| DINKDINK wrote:
| Comments are focusing on the protocol's message content, which is
| not the source of the ability to track broadcasters. The ability
| comes from detecting nuances in the RF signal:
|
| >BLE [snip] imperfections are introduced by the shared I/Q
| frontend of the chipset (Figure 1). They result in two measurable
| metrics in BLE and WiFi transmissions: Carrier Frequency Offset
| (CFO) and I/Q imperfections, specifically: I/Q offset and I/Q
| imbalance.
|
| links to the paper:
|
| https://cseweb.ucsd.edu/~nibhaska/papers/sp22_paper.pdf
|
| https://www.researchgate.net/publication/360655420_Evaluatin...
|
| Git repo: https://github.com/ucsdsysnet/blephytracking
| usrn wrote:
| Bluetooth is just nasty and it's one of the few interfaces I feel
| uncomfortable turning on even on my Linux devices.
| mvelie wrote:
| Apple has added recently at least for the BTLE implementation an
| address randomization much like they did for wifi, details of
| which can be found here:
| https://support.apple.com/guide/security/bluetooth-security-...
| giuliomagnifico wrote:
| > All wireless devices have small manufacturing imperfections
| in the hardware that are unique to each device. These
| fingerprints are an accidental byproduct of the manufacturing
| process. These imperfections in Bluetooth hardware result in
| unique distortions, which can be used as a fingerprint to track
| a specific device.
|
| >For Bluetooth, this would allow an attacker to circumvent
| anti-tracking techniques such as constantly changing the
| address a mobile device uses to connect to Internet networks.
| hinkley wrote:
| It's like sci fi movies where they track ships based on their
| engines. Turn off your transponder and they still know who
| you are, unless you really try to camouflage yourself.
| barbegal wrote:
| Address randomization helps but it's not enough. The phone
| still transmits at a regular cadence so it's pretty easy to
| figure out which old address has changed into which new address
| and keep tracking the same device.
| r00fus wrote:
| possible != "pretty easy". How do you do this with multiple
| devices in the same location?
| rizza wrote:
| This is true of ALL wireless communications platforms/hardware. I
| remember reading that this technique was exploited by the CIA and
| was used against the drug cartels from the 80's onward.
| kop316 wrote:
| Here is the paper:
| https://cseweb.ucsd.edu/~nibhaska/papers/sp22_paper.pdf
| notorandit wrote:
| Do you mean that you ignore the unique BT MAC address and track
| instead those tiny signal deviations that hopefully make each
| device unique?
|
| Cool!
___________________________________________________________________
(page generated 2022-06-09 23:01 UTC)