Bluetooth Flaws Could Allow Global Tracking of Apple, Windows 10 Devices

[silversurfer]

Vulnerabilities in the way Bluetooth Low Energy is implemented on devices by manufacturers can open the door to global device tracking for the Windows 10, iOS and macOS devices that incorporate it, according to research from Boston University.
 
An academic team at BU uncovered the flaws, which exist in the periodically changing, randomized device addressing mechanism that many new-model Bluetooth Low Energy (BLE) devices incorporate to prevent passive tracking. A paper on the issues (PDF) was presented Wednesday at the 19th Privacy Enhancing Technologies Symposium.
 
Bluetooth devices advertise themselves as available to other devices in publicly available clear channels, dubbed “advertising channels,” to make pairing with other devices easy. In early versions of the Bluetooth specification, the permanent Bluetooth MAC addresses of devices were regularly broadcast in these clear advertising channels, leading to major privacy concerns stemming from the potential for device-tracking. BLE aimed to solve that by instead allowing device manufacturers to use temporary random addresses in over-the-air communication instead of a device’s permanent address.

But many BLE devices also use dynamic identifying tokens, which are unique to a device and remain static long enough to be used as secondary identifiers to the random addresses. The researchers were able to successfully track devices because these identifying tokens and the random addresses do not change in sync on some devices. So, one identifying token can be linked with a current address as well as the next random address assigned to the device. By identifying the token, this offers a kind of bridge between randomized addresses that can be followed by an attacker.

SOURCE: https://threatpost.com/bluetooth-flaws-g...ws/146517/