
New Firmware Update Developed by Researchers Completely Hides Device’s Bluetooth Fingerprint : Tech Times

Researchers at the University of California, San Diego, have rolled out a firmware update that aims to completely hide a smartphone’s unique Bluetooth fingerprint. They said the advance could eliminate a loophole that allows a device to be tracked based on its Bluetooth signal.


New firmware update hides Bluetooth fingerprint

Aaron Schulman, a senior author on the paper and a member of the computer science and engineering department at the University of California, San Diego, noted that even when assuming the most severe type of attack, such as one carried out by a state, attackers were unable to bypass the update.

Bluetooth signals transmitted by mobile devices such as phones support a variety of functions, including Apple’s Find My service and COVID-19 tracking apps.

These signals are sent at a rate of about 500 per minute, facilitating connections between smartphones and other devices such as wireless earbuds. Current practices include randomly changing a device’s MAC address to make it harder to track via Bluetooth signals.

However, the researchers say this method does not take into account the unique fingerprints on the physical layer that are created by tiny imperfections in the hardware of each device.

Every wireless device has tiny manufacturing imperfections that lead to unique distortions in the Bluetooth signals they emit. These imperfections create a unique fingerprint for each device.


Just like wearing contact lenses

The researchers developed a method that uses multiple layers of randomization, similar to using several layers of contact lenses to darken a person’s eye color and then randomly and repeatedly changing those layers.

This makes it difficult to determine the true fingerprint of the device. The researchers implemented a prototype of this new defense on the Texas Instruments CC2640 chipset, which is used in various smart devices.

They investigated how various parameters affect the success of tracking and fingerprinting a device in real-world scenarios. Their tests indicated that an adversary would need to observe the device for more than 10 days to achieve the same level of tracking accuracy that can be achieved in a minute without the firmware update.

Dinesh Bharadia, senior author of the paper and a member of the Electrical and Computer Engineering department at UC San Diego, noted that the new method makes fingerprints ineffective for attackers: identifying a device becomes almost as difficult as guessing at random.

Bharadia added that the phone’s fingerprint remains impossible to track even if the attacker is nearby because the MAC and PHY identities are constantly changing. The research team is looking for industry partners to incorporate the technology into their chipsets.

Hadi Givehchian, the paper’s first author and a doctoral candidate in the Department of Computer Science and Engineering at the University of California, San Diego, said this defense could be implemented incrementally by modifying the software in a commonly used Bluetooth Low Energy chip.

However, broad implementation of this defense would require cooperation from Bluetooth chip manufacturers. In addition, the researchers believe their method could also effectively hide WiFi fingerprints, potentially extending the security benefits beyond Bluetooth-enabled devices.

The research team presented their findings at the IEEE Symposium on Security and Privacy.


ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.