Tracking Anonymized Bluetooth Devices

  • Becker J
  • Li D
  • Starobinski D
N/ACitations
Citations of this article
78Readers
Mendeley users who have this article in their library.

Abstract

Bluetooth Low Energy (BLE) devices use public (non-encrypted) advertising channels to announce their presence to other devices. To prevent tracking on these public channels, devices may use a periodically changing, randomized address instead of their permanent Media Access Control (MAC) address. In this work we show that many state-of-the-art devices which are implementing such anonymization measures are vulnerable to passive tracking that extends well beyond their address randomization cycles. We show that it is possible to extract identifying tokens from the pay-load of advertising messages for tracking purposes. We present an address-carryover algorithm which exploits the asynchronous nature of payload and address changes to achieve tracking beyond the address randomization of a device. We furthermore identify an identity-exposing attack via a device accessory that allows permanent, non-continuous tracking, as well as an iOS side-channel which allows insights into user activity. Finally, we provide countermeasures against the presented algorithm and other privacy flaws in BLE advertising.

Cite

CITATION STYLE

APA

Becker, J. K., Li, D., & Starobinski, D. (2019). Tracking Anonymized Bluetooth Devices. Proceedings on Privacy Enhancing Technologies, 2019(3), 50–65. https://doi.org/10.2478/popets-2019-0036

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free