Many popular Bluetooth devices have a security vulnerability that could allow their users to be tracked, according to a new research paper out of Boston University.
The security flaw is present in the Bluetooth 5.0 communications standard. There’s a wide range of devices that are vulnerable, including Apple’s iPhones and Macs, Microsoft’s various tablets and laptops, and wearable accessories like Fitbits, according to the paper’s authors.
Normally, most Bluetooth-connected devices will broadcast a randomized address (instead of something permanent like a MAC address) to other nearby devices to prevent tracking.
Researchers found that they were still able to extract identifying tokens from these broadcasts using a sniffer algorithm.
The tracking method the researchers used could allow for “permanent, non-continuous tracking” of Bluetooth device users.
The paper also notes that there could be an additional vulnerability in Apple’s Handoff feature that may allow a “passive observer to deduct activity patterns of the user using the target device.”
Additionally, the researchers note that the tracking could remain undetectable since their method doesn’t need to bypass or break any Bluetooth security mechanisms.
While the vulnerability may not leak any of your sensitive or private information, it could allow an attacker to track you based on the Bluetooth devices you carry.
The tracking would not be continuous, but an attacker could glean information about your comings and goings based on your device’s address. In the worst-case scenario, this information could be used for abuse or stalking.
How to Protect Yourself
There’s a good chance that you’re reading this article right now on a device that can be tracked. (The researchers do note that Android devices don’t appear to be vulnerable, however.)
As for mitigations, it’s pretty much as simple as turning off Bluetooth on your iOS or macOS device and then turning it back on. That will randomize your device’s address, though you may need to do this regularly if you’re particularly concerned about your privacy.
Apple also fixes security holes like this regularly, so it’s likely that the company will patch the flaw in future versions of iOS and macOS.
While the risk here is admittedly low for the majority of people, it’s always a good idea to be aware of how your devices can allow you to be tracked.