23/07/2019

Method for tracking Bluetooth devices despite built-in protections

Bluetooth technology can be used to track Apple Watches, Macs, iPads and iPhones. Tablets and laptops running Windows 10 and Fitbit wearables are also vulnerable, but Android devices were found to be unaffected. The researchers stated in their paper: "We describe a tracking vulnerability that affects Windows 10, iOS, and macOS devices as long as they are continuously observed by the adversary. Android devices do not appear to be vulnerable to our passive sniffing algorithm, as they typically do not send advertising messages containing suitable identifying tokens."

Since the payload information updates at a different rate than the address information, the communication blips between Bluetooth devices paint an identifiable pattern. Having discovered this vulnerability, the researchers decided to test how well a third party could use it to track individual devices. When you connect two devices through Bluetooth, one of them acts as the main device and the other as the peripheral. The peripheral sends the main device data associated with the connection, including a randomized address, which is like the IP address on your laptop or PC. A sniffer algorithm can be used to keep identifying the device even though this randomized address gets reconfigured regularly.

To make device pairing easy, BLE (Bluetooth Low Energy) uses public, non-encrypted advertising channels to announce a device's presence to nearby devices. The protocol originally attracted privacy concerns for broadcasting the permanent Bluetooth MAC (Media Access Control) address of a device, a unique 48-bit identifier, on these channels. BLE tried to solve the problem by letting device manufacturers use a periodically changing, randomized address instead of the permanent MAC address. And there's the rub: the authors showed that many devices implementing such anonymization measures could actually be vulnerable to passive tracking.
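The mismatch between payload and address update rates described above can be checked on a device you are testing. The Python below is an added example, not code from the paper or from this post: it takes a time-ordered log of one device's advertisements and reports every change where the address and the payload token did not rotate together. The `Adv` record layout, the function names and the sample logs are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Adv:                      # hypothetical record layout for this example
    t: float                    # capture time in seconds
    addr: str                   # randomized advertising address
    token: str                  # identifying bytes from the advertising payload

def rotation_audit(records):
    """Classify every change in one device's time-ordered advertisements."""
    recs = sorted(records, key=lambda r: r.t)
    findings = []
    for prev, cur in zip(recs, recs[1:]):
        addr_changed = cur.addr != prev.addr
        token_changed = cur.token != prev.token
        if addr_changed and token_changed:
            findings.append((cur.t, "synchronized"))   # nothing carries over
        elif addr_changed:
            findings.append((cur.t, "address-only"))   # old token on new address
        elif token_changed:
            findings.append((cur.t, "token-only"))     # new token on old address
    return findings

def max_linked_addresses(records):
    """Largest number of addresses tied together by unsynchronized changes."""
    recs = sorted(records, key=lambda r: r.t)
    if not recs:
        return 0
    best, chain = 1, {recs[0].addr}
    for prev, cur in zip(recs, recs[1:]):
        if cur.addr != prev.addr and cur.token != prev.token:
            chain = set()       # both rotated together: the chain is broken
        chain.add(cur.addr)
        best = max(best, len(chain))
    return best

# Constructed sample logs (not real captures).
UNSYNCED = [Adv(0, "A1", "T1"), Adv(300, "A1", "T1"), Adv(600, "A1", "T2"),
            Adv(900, "A2", "T2"), Adv(1200, "A2", "T3"), Adv(1500, "A3", "T3")]
SYNCED = [Adv(0, "B1", "U1"), Adv(300, "B1", "U1"),
          Adv(900, "B2", "U2"), Adv(1800, "B3", "U3")]

if __name__ == "__main__":
    for name, log in (("unsynced", UNSYNCED), ("synced", SYNCED)):
        print(name, rotation_audit(log), max_linked_addresses(log))
```

A device whose log yields only "synchronized" changes, with a linked-address count of 1, gives an observer no value that bridges one randomized address to the next.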

The solution is not complicated: just switch your Bluetooth off and back on if you're worried about being tracked. This can be done via System Settings on the macOS menu bar or in the Settings of your iPhone.

https://techxplore.com/news/2019-07-bluetooth-issue-team-exploring-tracking.html
