Firmware Update Hides a Device's Bluetooth Fingerprint
Researchers at UC San Diego created a firmware update to conceal Bluetooth fingerprints, hindering device tracking. The update, presented at a security conference, reduces tracking accuracy, requiring prolonged observation for identification. Industry collaboration is sought.
A team of researchers at the University of California San Diego has developed a firmware update to hide a device's Bluetooth fingerprint, addressing a vulnerability discovered in 2022. The update aims to prevent tracking of devices through their unique Bluetooth signals, which are constantly emitted by mobile devices. By implementing multiple layers of randomization, the update makes it challenging for attackers to infer a device's identity based on its Bluetooth fingerprint. The method was presented at the 2024 IEEE Security & Privacy conference and has been tested on smart devices like fitness trackers. The update significantly reduces the accuracy of tracking a device, requiring continuous observation for over 10 days to achieve the same level of accuracy as before. The researchers are now seeking industry partners to incorporate this technology into Bluetooth chipsets, with potential applications to obfuscate WiFi fingerprints as well.
Related
Vulnerability in Popular PC and Server Firmware
Eclypsium found a critical vulnerability (CVE-2024-0762) in Intel Core processors' Phoenix SecureCore UEFI firmware, potentially enabling privilege escalation and persistent attacks. Lenovo issued BIOS updates, emphasizing the significance of supply chain security.
Google's "Find My Device" automatically opts-in; opt-out link does not work
To opt out of the "Find My Device" feature on Android, users can disable it in settings under Security. This enhances privacy and prevents remote tracking, empowering users with control over their device settings.
Apple admits its AirPods had a security problem
Apple addressed security vulnerabilities in AirPods and Beats Fit Pro headphones, preventing hackers from pairing devices with the wrong source. The company released updates to enhance customer protection, emphasizing privacy. Apple prioritizes privacy in its products, like Apple Intelligence, and declined AI collaborations with Meta over privacy concerns.
AirPods fast connect security vulnerability
A security flaw (CVE-2024-27867) in Apple AirPods firmware allows unauthorized access via Bluetooth MAC address. Firmware updates released for affected models. Users with non-Apple devices may encounter difficulties updating.
Reverse Engineering a Smartwatch
Benjamen Lim reverse engineered a smartwatch with geolocating capabilities, repurposing it by reprogramming the firmware through exposed programming pins. The project showcased the value of salvaging electronic devices efficiently.
From the linked 2022 paper: BLE sends beacons a hundred times per minute, even from phones. For privacy reasons the MAC addresses are randomized. The attacker can further analyze the beacons for imperfections in the RF signal and get a fingerprint for devices from frequency offsets/drift/IQ imbalance.
Haven't seen the new paper, but the article suggests that a firmware change can even reduce this attack vector. I guess that introducing further randomization in chipset parameters for each beacon can make this kind of tracking harder still. I doubt that this hides all aspects of fingerprinting, and the settings' step sizes would still be observable, just harder to track. "Randomization pattern F is this manufacturer's gen 2025 devices"
My take on this: most of the day, I would not need any beacons at all. Maybe there is an intelligent limit on avoiding them? Configurable? Only when unlocked? Only when in motion? Sometimes sending half the beacons would already double the time needed for tracking. Again, this would boil down to "a firmware update could improve privacy".
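The two comments above describe the mechanism well enough to model from the defender's side: an observer estimates a radio's carrier frequency offset (CFO) per beacon, averages many beacons to beat receiver noise, and matches the result against known devices; per-beacon randomization raises the variance the observer must average out, and a lower advertising rate stretches the same number of beacons over more time. The following simulation is an added example and is not code from the paper, the article, or either commenter. All numbers in it (the two devices' true offsets, the receiver noise, the jitter width, the 100 beacons per minute rate) are constructed assumptions for illustration, and the uniform zero-mean jitter is a stand-in, not the randomization scheme the UCSD researchers actually built.

```python
import math
import random
from statistics import NormalDist

# Constructed, illustrative parameters (assumptions, not values from the paper).
TRUE_CFO_HZ = {"device_A": 12_000.0, "device_B": 12_500.0}  # each radio's true carrier frequency offset
MEAS_SIGMA_HZ = 2_000.0   # std-dev of the observer's per-beacon offset estimate (receiver noise)
JITTER_HZ = 10_000.0      # half-width of the uniform per-beacon offset a randomizing firmware adds
BEACONS_PER_MIN = 100     # roughly the advertising rate mentioned in the discussion


def effective_sigma(meas_sigma: float, jitter_halfwidth: float) -> float:
    """Std-dev of one observed beacon offset: receiver noise plus uniform jitter
    in [-J, J], whose variance is J^2 / 3 (independent sources, so variances add)."""
    return math.sqrt(meas_sigma ** 2 + jitter_halfwidth ** 2 / 3.0)


def beacons_needed(separation_hz: float, sigma_hz: float, max_error: float = 0.05) -> int:
    """Beacons the observer must average before nearest-mean classification of two
    devices whose true offsets differ by `separation_hz` errs with probability
    <= max_error.  Averaging n beacons gives std-dev sigma/sqrt(n); the error is
    Q(d / (2 sigma / sqrt(n))), so n >= (2 sigma z / d)^2 with z = Q^-1(max_error)."""
    z = NormalDist().inv_cdf(1.0 - max_error)
    return math.ceil((2.0 * sigma_hz * z / separation_hz) ** 2)


def minutes_to_identify(n_beacons: int, beacons_per_min: float) -> float:
    """Observation time needed at a given advertising rate."""
    return n_beacons / beacons_per_min


def simulate_accuracy(n_beacons: int, jitter_halfwidth: float,
                      trials: int = 1000, seed: int = 1) -> float:
    """Monte Carlo check of the formula: pick a device, emit n beacons with jitter
    and receiver noise, average the observed offsets, classify by the nearest true
    offset; return the fraction classified correctly."""
    rng = random.Random(seed)
    names = list(TRUE_CFO_HZ)
    correct = 0
    for _ in range(trials):
        true_name = rng.choice(names)
        total = 0.0
        for _ in range(n_beacons):
            total += (TRUE_CFO_HZ[true_name]
                      + rng.uniform(-jitter_halfwidth, jitter_halfwidth)
                      + rng.gauss(0.0, MEAS_SIGMA_HZ))
        mean_obs = total / n_beacons
        guess = min(names, key=lambda nm: abs(mean_obs - TRUE_CFO_HZ[nm]))
        correct += guess == true_name
    return correct / trials


def compare(max_error: float = 0.05) -> dict:
    """Beacons and minutes needed without and with per-beacon randomization,
    plus the effect of halving the advertising rate (the second comment's idea)."""
    d = abs(TRUE_CFO_HZ["device_A"] - TRUE_CFO_HZ["device_B"])
    n_plain = beacons_needed(d, MEAS_SIGMA_HZ, max_error)
    n_rand = beacons_needed(d, effective_sigma(MEAS_SIGMA_HZ, JITTER_HZ), max_error)
    return {
        "beacons_plain": n_plain,
        "beacons_randomized": n_rand,
        "minutes_plain": minutes_to_identify(n_plain, BEACONS_PER_MIN),
        "minutes_randomized": minutes_to_identify(n_rand, BEACONS_PER_MIN),
        "minutes_randomized_half_rate": minutes_to_identify(n_rand, BEACONS_PER_MIN / 2),
    }


if __name__ == "__main__":
    result = compare()
    for key, value in result.items():
        print(f"{key:>30}: {value:.2f}")
    n = result["beacons_plain"]
    print("accuracy at n_plain, no jitter  :", simulate_accuracy(n, 0.0))
    print("accuracy at n_plain, with jitter:", simulate_accuracy(n, JITTER_HZ))
```

Two things worth noticing in the output. First, the required beacon count scales with the variance ratio, so jitter of a few kHz on a 500 Hz device separation multiplies the observation time by roughly (sigma_eff / sigma)^2 rather than hiding the device outright; a zero-mean jitter is still averaged away given enough samples, which is why the paper reports the gain as "more than 10 days of continuous observation" rather than immunity. Second, halving the advertising rate doubles every time figure without touching the radio, which is the cheap firmware-level lever the second comment points at.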
> A possible solution for authenticating IoT devices with limited computing resources when accessing wireless networks is to extract a unique and unclonable identifier of the device.. The effectiveness of the physical layer fingerprint lies in the subtle random differences that occur during the manufacturing process of the device.. The accuracy of Wi-Fi device identification based on physical layer fingerprint features.. can reach 98% for 15 different types of IoT Wi-Fi devices, and 90.76% for 10 network cards, having smaller differences in manufacturing, with the same type of chips.
Of course, if Auto-Join is enabled, the client device broadcasts the Wi-Fi access points it has previously joined, which can be informative without an SDR.
Essentially, this is useless. It doesn’t apply to most chipsets and would require changing the firmware on existing beacon hardware. The chip manufacturers would have put this in the hardware if they wanted it.
In any case I doubt this has much practical impact given you presumably need an SDR to do this tracking.