(Credit: ymgerman/Shutterstock)
SAN DIEGO — Do you ever worry about your smartphone giving away your location? You’re not alone. In our hyper-connected world, mobile devices are constantly chatting away, sending out signals that could potentially be used to track their users. However, a team of clever researchers has just dropped a game-changing solution that could put those privacy concerns to bed.
Your smartphone loves to chat. It constantly sends out little “hello” messages via Bluetooth — about 500 times per minute, to be exact. These messages, called Bluetooth beacons, are super useful. They can help you find your phone when it’s lost, keep track of COVID-19 exposure, and connect phones to those wireless earbuds many people can’t live without today.
Here’s the catch: each phone has its own unique way of saying “hello.” It’s like a fingerprint but for Bluetooth signals. Just like a fingerprint can identify you, this Bluetooth fingerprint can potentially be used to identify and track your device – and, by extension, you. Creepy, right?
Well, the tech wizards at the University of California-San Diego thought so as well. According to their presentation at the 2024 IEEE Security & Privacy conference, they’ve come up with an innovative solution that’s like an invisibility cloak for your phone’s Bluetooth signals.
“We assumed the strongest possible attack, a nation-state type of attacker that would know which algorithm we are using. They still failed,” says Aaron Schulman, one of the senior study authors behind this breakthrough, in a university release.
Now, you might be thinking, “Don’t phones already try to hide their identity?” You’re not wrong.
Smartphone companies do attempt to make devices harder to track by randomly changing the phone’s MAC address (think of it as your phone’s digital ID card). However, that’s only part of the problem.
Researchers explain that each phone’s hardware has tiny, unique imperfections from the manufacturing process. These imperfections create subtle distortions in the Bluetooth signals, which is what creates the fingerprint. It’s like how each person’s voice is unique due to the shape of their vocal cords.
How did researchers tackle this problem?
The answer is simple: they got creative with randomization.
Imagine you’re trying to disguise your eye color. You could wear colored contacts, but a keen observer might still figure out your real eye color. So, what if you wore several layers of contacts and kept switching them randomly? It would be nearly impossible for someone to guess your true eye color then.
This new method does exactly that but with Bluetooth signals instead of eye color. It adds several layers of randomization to the signal, making it incredibly difficult for anyone to pin down the device’s true “fingerprint.”
The best part? This isn’t just a theoretical concept. The team has already created a prototype using a chipset found in many smart devices like fitness trackers and smart lighting systems. Moreover, the results have been impressive.
“This means that the fingerprints are no longer useful for the attacker to infer the identity of the device and the optimal attacker can barely do better than a random guess,” explains Professor Dinesh Bharadia, another senior author from the UC San Diego Department of Electrical and Computer Engineering.
In fact, with this new tech in place, a would-be tracker would need to observe a device continuously for more than 10 days to get the same level of tracking accuracy they could achieve in just one minute without the update. Talk about a game-changer!
“You can’t track the phone’s fingerprint even if you’re sitting right next to it, because both MAC and PHY identities keep changing,” Bharadia adds.
There’s more good news, as researchers are hoping to bring this technology to your phone soon. The team is currently looking for industry partners to incorporate this firmware update into their chipsets.
“This defense can be rolled out incrementally, requiring only software modification on at least one widely-used Bluetooth Low Energy chipset,” says Hadi Givehchian, the first author of the research paper. “But in order to deploy this defense widely, we need to partner with Bluetooth chip manufacturers.”
The team is optimistic about the future, believing that this method could also be used to protect WiFi signals from fingerprinting. So, while we can’t completely vanish from the digital world, this breakthrough brings us one step closer to having our cake and eating it too – enjoying the benefits of using smart devices while keeping our privacy intact.
