If you didn’t think there were enough ways for people to know your location, then best find something soft to bite down on to keep yourself from screaming.
Your phone is effectively emitting a lighthouse-like beacon while it’s on through its Bluetooth signal, and researchers recently proved they can discern individual devices through all that electronic noise. This new technique bypasses current means of avoiding phone stalking, such as changing IP addresses or Apple’s Safety Check.
Computer scientists at the University of California San Diego proved in a study published May 24 that minute imperfections in phones caused during manufacturing create a unique Bluetooth beacon, one that establishes a digital signature or fingerprint distinct from any other device. Though phones’ Bluetooth uses cryptographic technology that limits trackability, using a radio receiver, these distortions in the Bluetooth signal can be discerned to track individual devices.
UCSD PhD students Nishant Bhaskar and Hadi Givehchian, the primary authors of the study, said their research evolved from Bluetooth’s wider application into contact tracing programs and “find my device” -type apps. These small imperfections in phones were already a known aspect of WiFi signals, but this is the first study that proved these signals can be individually discerned, and in this case, abused.
“What we wanted to see is if you’re out there in some real world situation, and you see tons and tons of devices, do the Bluetooth fingerprints just sort of become all muddled together?” Bhaskar said. “We found in our tests that [40% to 47%] of devices had separate fingerprints that could be potentially tracked.”
Bluetooth tracking has already become a major issue with the proliferation of devices like Apple’s AirTags. While the devices are meant to help people keep track of their keys or other electronics, the tags were immediately picked up by stalkers or other criminals. Even after updates, AirTags have been reported in several stalking cases and, most recently, a murder charge.
Previous tracking of electronics’ WiFi signals relied on their data string computer scientists call its “preamble.” Bluetooth’s preamble is shorter compared to WiFi, making it hard to use prior tracking techniques, but an algorithm developed by the researchers was able to estimate two values found in Bluetooth signals that are different depending on small defects in each device. Nothing in their data suggests the signal is more easily discernible depending on the age or model of phone, the researchers said.
The study’s scientists conducted tests to show whether multiple phones being in one place could disrupt their ability to track individual signals. Results in an initial experiment showed they managed to discern individual signals for 40% of 162 devices in public. Another, scaled-up experiment showed they could discern 47% of 647 devices in a public hallway across two days.
The tracking range depends on device and the environment, and it could be several hundred feet, but in a crowded location it might only be 10 or so feet. Scientists were able to follow a volunteer’s signal as they went to and from their house. Certain environmental factors can disrupt a Bluetooth signal, including changes in environment temperature, and some devices send signals with more power and range than others.
One might say “well, I’ll just keep Bluetooth turned off when not in use,” but the researchers said they found that some devices, especially iPhones, don’t actually turn off Bluetooth unless a user goes directly into settings to turn off the signal. Most people might not even realize their Bluetooth is being constantly emitted by many smart devices.
Stalking, especially stalking via technology, is a continuing problem in the U.S. The Department of Justice’s most-recent report on stalking from 2019 shows that hundreds of thousands are stalked online, and there are thousands upon thousands of people who reported being tracked using an electronic device or application.
So how likely is it that a creep will be using this to follow your device’s Bluetooth signature? Honestly, not likely.
The report’s authors noted that the equipment needed to track phones in this way, called a Software Defined Radio sniffer, could cost less than $200, though a more impressive system might be closer to $1,000. The team tried both, and though a more expensive system was easier, it’s certainly possible for low-cost SDR to track the Bluetooth signals. Of course, using these devices would require a relatively high degree of technical know-how, more than anybody slinging AirTags into people’s backpacks likely has. More than likely, you’re already being tracked using legal, or semi-legal means, whether in public or in private.
Jon Callas, the director of technology projects for the Electronic Frontier Foundation, a renowned computer security expert, said he’s not surprised to see that Bluetooth can be tracked this way, especially since it’s already known how WiFi signals or connections to Bluetooth headphones can be tracked. Still, he doesn’t see this as becoming too big of an issue. Not only is it something that not everyone’s going to have the capacity for, but it would be difficult for anybody to pull off this kind of tracking in the real world, more difficult than other common techniques.
So who else might find this technology useful? Governments and law enforcement are already known for using people’s phones in relation to criminal activity, which can have mixed results. Though officials are much more likely to simply ask tech companies like Google to give them the tracking information on users’ phones. Indeed, it is sometimes easier for law enforcement to get a warrant to access people’s phones than it is to enter their property.
“There are studies going back 20 years that have shown things like differences in clock direct… can permit people under certain circumstances to identify a computer,” he said. “In general, this isn’t used partially because there are many, many easier ways to track you.”
Bhaskar and Givehchian said the best way for companies to defeat this issue would be to create a firmware update to help randomize the output of Bluetooth signals, but without further research it’s hard to say whether that fix would really work. Any other kind of fix to hardware could likely be impossible, as even the most infinitesimally minor defect in the manufacturing process can result in an identifiable Bluetooth signal.
“The only habit you can change, if you want to fully solve this, is that you don’t use Bluetooth, you’d always turn it off, which is not possible for most people,” Givehchian said.
“...and we’ll miss on so many really important features,” Bhaskar continued. “I mean, think of something like contact tracing. Some of this technology has been useful in the modern world, and we don’t necessarily want to turn it off.”
If anything, this study is a reminder that there will always be new ways bad actors can use to track individuals. Callas called it the great “cat and mouse game” where trackers will find new ways to spy on people, and the holes in security will eventually be filled. But in a world where new electronics are always competing for every precious dollar, some security cracks may not ever be patched.
“But there’s also the real world aspect of it, which would be how much—if ordering this change added $10 to the cost of your phone, would you pay it?” he said. “The dilemma of these things, like AirTags, is that none of us wants to be tracked, but we’d all like to find our lost keys.”