The Bluetooth Low Energy standards is a Bluetooth technology that was designed to allow Bluetooth devices to be paired easily by sending their Bluetooth MAC address to the channels. A user from within a few meters of the device can easily connect to the protocol and collect a unique identifier. The user will be able to track a Bluetooth device whoever it has went. Besides this, the device has specific significant security vulnerabilities.
To deal with the vulnerabilities, they stopped using open MAC addresses. They started providing randomized, temporary addresses to the devices using the protocol. They were confident that the newer Bluetooth devices are un-trackable.
Later on, another problem was identified by researchers that many of the devices use dynamic identifying tokens, which are unique to each device. They stay static for the long-time period.
The problem now, as the new research points out, is that many of these devices can use the token as a secondary form of identification. The token allows one randomized address to be associated with it because it cannot be changed as a randomized Mac address. So anyone in the Bluetooth range can easily be identified, and activities can be tracked.
The problems with Bluetooth
Bluetooth is a technology, which has not achieved its full potential because of its security weakness. But in the coming years, Bluetooth is expected to grow from 4.2 to 5.2 billion devices between 2019 and 2022. The average BLE range will be from 10 to 12 meters. The cyber criminals can use Botnet to attack devices connected with Bluetooth.
The cybercriminals can use the ability to identify individual devices to launch more forms of attack. Various Bluetooth worms have used similar techniques to spread over the years.
Over the times, more and more devices will get connected to Bluetooth, and the threat of cyber attack will increase. The hackers will use Bluetooth to identify and pinpoint all network traffic passing to it, and from the devices.
With the rise of IoT devices, Bluetooth is becoming more vulnerable as the manufacturers of IoT devices have often prioritized ease of use and connectivity over security concerns.
Avoiding Bluetooth tracking
The Android devices appear to be utterly unaffected by Bluetooth tracking. Another device seems to be more vulnerable, as there is no way of using Bluetooth without opening yourself up to this kind of hacking.
To avoid Bluetooth tracking, do not connect Bluetooth to unauthorized devices. Use Bluetooth, if necessary and make sure that all the data passing are encrypted.