A flaw was just discovered in bluetooth that would allow a bad actor to track a wide range of devices. These devices include iPhones, iPads, Macs, and Apple Watches. Other devices are any laptops running windows 10 and fitbit wearables. However Andriod devices are not at risk.
A reported by TNW, Boston University researchers, Johannes K. Becker and David Starobinski, discovered the vulnerability.
Researchers from Boston University (BU) have discovered a flaw in the Bluetooth communication protocol that could expose most devices to third-party tracking and leak identifiable data […]
The vulnerability allows an attacker to passively track a device by exploiting a flaw in the way Bluetooth Low Energy (BLE) is implemented to extract identifying tokens like the device type or other identifiable data from a manufacturer […]
To make pairing between two devices easy, BLE uses public non-encrypted advertising channels to announce their presence to other nearby devices. The protocol originally attracted privacy concerns for broadcasting permanent Bluetooth MAC addresses of devices — a unique 48-bit identifier — on these channels.
However, BLE tried to solve the problem by letting device manufacturers use a periodically changing, randomized address instead of their permanent Media Access Control (MAC) address.
The vulnerability discovered by BU researchers exploits this secondary random MAC address to successfully track a device. The researchers said the “identifying tokens” present in advertising messages are also unique to a device and remain static for long enough to be used as secondary identifiers besides the MAC address.”
Basically, it is possible to link the current address to the next one and therefore identify as the same device. This allows someone to be able to track the device indefinitely. However only at the short range of bluetooth signals.
The researches have propsed a solution.
To protect devices from address-carryover attacks, the researchers suggest device implementations should synchronize payload changes with MAC address randomizations.
With Bluetooth device adoption growing at a massive scale, they caution that “establishing tracking-resistant methods, especially on unencrypted communication channels, is of paramount importance.”
They didn’t explain if Apple would even be able to fix this vulnerability and implement this change in an over the air update. However in the meantime there is a simple workaround.
“Switching Bluetooth off and on in the System Settings (or in the Menu Bar on macOS) will randomize the address and change the payload.”
If you want to read the full paper that contains the findings, you can read it