Vulnerability in Bluetooth communication protocol can be used to track users of modern devices, warn researchers from the Boston University David Starobin (David Starobinski) and Johannes Becker (Johannes Becker). The issue affects Bluetooth-enabled devices based on Windows 10, iOS and macOS, including iPhone, iPad, Apple Watch, MacBook, Microsoft laptops and tablets. The vulnerability can be exploited even in spite of the built-in protection functions of the OS.
According to a study called Tracking Anonymized Bluetooth Devices, many Bluetooth-enabled devices use MAC addresses when alerted to their presence to prevent long-term tracking. However, experts have found it possible to bypass MAC address randomization and monitor a specific device on an ongoing basis.
To this end, experts have developed an algorithm that does not require decrypting messages or violating Bluetooth security. During the study, experts focused on the BLE (Bluetooth Low Energy) protocol, introduced in 2010 and implemented in Bluetooth 5. They conducted an experiment in which they used devices running Windows 10, iOS and macOS, a special version of the BTLE software package and a program for interception of traffic. Over a period of time, scientists collected advertisements and log files and, based on this information, were able to determine device IDs.
“Most desktop and mobile operating systems implement targeted randomization by default as a means of preventing long-term tracking because permanent IDs are not broadcast. data used to interact with other devices within the BLE range, "the researchers note.
It should be noted that the technology developed by the experts does not affect Android devices, since this OS does not send advertising packages as regularly as gadgets based on Windows, iOS and macOS.
