Managed Services Australia Logo - Different Size

Bluetooth LE security vulnerability allowing devices to be globally tracked.


July 22, 2019

In the world of connected devices, Bluetooth Low Energy (BLE) stands out as an integral enabler of device communication. But recent revelations indicate a lurking vulnerability within its secure walls, potentially turning a convenience into a privacy concern.

Behind the Vulnerability: Syncing Issues

Researchers from Boston University unveiled concerning flaws within the BLE random addressing mechanism. Designed to enhance user privacy, this mechanism seems to miss the mark in certain device implementations. The core issue? The device’s identifying tokens and random addresses, both integral to its identity, don’t always synchronise, creating an exploitable gap.

Key Takeaway: While technology has evolved, the minutiae of implementation can lead to unexpected vulnerabilities.

The Technical Scoop: An Attacker’s Gateway

To pair with other devices, Bluetooth broadcasts its presence on public ‘advertising channels’. Earlier Bluetooth versions used to openly reveal the device’s permanent MAC addresses. To counteract the associated privacy concerns, BLE was designed to use temporary, random addresses.

However, many BLE devices also employ unique identifying tokens. These remain static long enough to act as secondary identifiers. Recent research indicates that by exploiting the desynchronisation between these tokens and the random address, attackers can bridge between sequential random addresses, making tracking feasible.

Key Takeaway: The challenge of ensuring security lies in foreseeing potential misalignments, no matter how minor.

Decoding the Algorithm: A Bridge to Tracking

The research team’s approach was ingenious. They harnessed an ‘address-carryover algorithm’ that exploited the asynchronous change of address and identifying tokens. In simple terms, the algorithm could match a device’s new random address with a known token, enabling the tracking of the device through its changing addresses.

Devices running Windows 10 and certain Apple operating systems are particularly susceptible, with the team’s algorithm revealing inconsistencies in their BLE implementation.

Key Takeaway: As the digital landscape becomes more complex, attackers are finding nuanced ways to exploit even the most robust systems.

The Broader Impact: From Local to Global

With Bluetooth’s adoption predicted to surge, the implications of this vulnerability are vast. An attacker, by coordinating a botnet, could potentially scale local BLE tracking methods to achieve global tracking capabilities. Moreover, the integration of other digital traces, like facial recognition, can magnify privacy risks.

Key Takeaway: Today’s isolated vulnerability could be tomorrow’s global privacy concern.

The Road Ahead: Solutions and Precautions

While no patches have been issued, users can employ certain workarounds. For instance, Windows 10 users can reset both their advertising address and token by toggling their Bluetooth device’s connectivity. Similarly, Apple users can randomise their address and alter their payload by switching their Bluetooth settings on and off. Thankfully, Android devices appear to be unaffected.

At Managed Services Australia, we prioritise understanding technological vulnerabilities to ensure that our clients remain secure and informed.

Concerned about your devices’ security?

Discover our advanced solutions at Managed Services Australia. Reach out to our expert team at 📞 1300 024 748 or drop a line through our contact form. Your uninterrupted operations are just a call away.

Looking for the latest in technology? Step into our Technology Centre and make an informed purchase today.

Book a consultation with Managed Services Australia.

Start your journey towards seamless IT solutions with us today – unlock your business’s true potential!