Your Bluetooth Conversation May Not Be as Private as You Think
Professor David Starobinski (ECE, SE), along with his team, Ph.D. student Johannes Becker (ECE) and undergraduate student David Li (ECE) was recently featured in an article on The Register, an online IT newspaper. The Register highlighted the team’s discovery that Bluetooth LE’s previous claim to their products being resistant to tracking is inaccurate. The Bluetooth LE protocol supports frequent changes of a device identifier, known as the MAC address, to make it harder to track users. Thus, the MAC address contained in Bluetooth packets is regularly randomized when a device communicates, becoming another preventative measure against hackers from easily eavesdropping in on a person’s conversation.
While this process seemed to work and convinced most consumers, Starobinski and his team recently discovered a few weak spots in the system. While the MAC address and the unique payload are refreshing at different intervals, this leaves an open opportunity for the gadget or computer to be continuously identified no matter how many times the MAC address and payload change. Becker, Starobinski, and Li suggest that the best way to begin changing this flawed system and increase protection against tracking is to synchronize the MAC address and payload change. This would lessen the opportunity for hackers to get in and thus lead to safer and less trackable devices.
At the 19th Privacy Enhancing Technologies Symposium held in Stockholm this year, Starobinski, Li and Becker brought this new information to light by presenting their paper on Tracking Anonymized Bluetooth Devices. This symposium is an opportunity for privacy researchers and experts to come together and share their newfound knowledge.
Professor Starobinski focuses on cybersecurity and computer networking within the ECE Department. He has been previously honored with the Best Paper Award from the IEEE Conference on Communications and Network Security as well as received the ECE Award for Teaching Excellence. His interests also encompass network economics, wireless networking and modeling and performance analysis of communication networks. We look forward to hearing the reactions to the new knowledge Starobinski and his team presented at the 19th Privacy Enhancing Technologies Symposium.