"Study Uncovers New Threat to Security and Privacy of Bluetooth Devices"

Bluetooth-enabled mobile devices have been found to be vulnerable to a flaw that could allow attackers to track a user's location. The study centers on Bluetooth Low Energy (BLE), a type of Bluetooth that uses less energy than Bluetooth Classic, an earlier generation of Bluetooth. Billions of people rely on this type of wireless communication on smartwatches and smartphones for various activities such as entertainment, sports, retail, and healthcare. However, due to a design flaw in Bluetooth's protocol, users' privacy may be jeopardized, according to Yue Zhang, the study's lead author and a postdoctoral researcher in computer science and engineering at the Ohio State University (OSU).

Zhang and his advisor, Zhiqiang Lin, an Ohio State professor of computer science and engineering, demonstrated the threat by testing more than 50 commercially available Bluetooth devices as well as four BLE development boards. They informed major Bluetooth industry stakeholders, including the Bluetooth Special Interest Group (SIG), hardware vendors like Texas Instruments and Nordic, and operating system providers such as Google, Apple, and Microsoft, about the flaw. Google classified their discovery as a high-severity design flaw and awarded the researchers a bug bounty. Zhang and Lin also created a potential solution to the problem, which they tested successfully.

Bluetooth devices have Media Access Control (MAC) addresses, a series of random numbers uniquely identifying them on a network. An idle BLE device sends out a signal every 20 milliseconds advertising its MAC address to other nearby devices with which it could connect. The study identifies a flaw that could allow attackers to observe how these devices interact with the network and then collect and analyze data to violate a user's privacy, either passively or actively. One of the reasons researchers are concerned about such a scenario is that a captured MAC address could be used in a replay attack, enabling the attacker to monitor the user's behaviors, track where the user has been in the past, or even determine the user's current location.

The researchers' solution, called Securing Address for BLE (SABLE), entails adding an unpredictable sequence number or a timestamp to the randomized address to ensure that each MAC address can only be used once, thereby preventing the replay attack. It was successful in preventing attackers from connecting to the victim's devices. This article continues to discuss the new threat to the security and privacy of Bluetooth devices as well as the countermeasure developed to address it.

OSU reports "Study Uncovers New Threat to Security and Privacy of Bluetooth Devices"
