According to foreign media reports, the researchers said that a vulnerability in the Bluetooth communication protocol could cause modern device users to be tracked and leaked device IDs.
Although the local operating system protection is turned on, the vulnerability can still be used to monitor users. Vulnerability affects Windows 10, iOS, and macOS Bluetooth devices, including iPhone, i
The 19th Privacy Enhancement Technology Symposium (17th) by Boston University researchers David Starobinski and Johannes Becker in Stockholm, Sweden Privacy Enhancing Technologies Symposium) describes their research results.
According to their research paper "Tracking anonymous Bluetooth devices" (Tracking AnonymizedBluetooth Devices), Many Bluetooth devices use MAC addresses to prevent long-term tracking, but the team found that vulnerabilities can bypass randomized addresses and always monitor specific devices.
Identification tokens usually Used in conjunction with MAC addresses, a new algorithm developed by Boston University called address-carrying algorithms can take advantage of the asynchronous nature of the payload and address changes to achieve randomization beyond device address randomization. The algorithm does not Need to decrypt the message or in any way destroy the security of Bluetooth.
Researchers say that most computers and smartphone operating systems will The default implementation address is randomized to prevent long-term tracking. However, they found that devices running Windows 10, iOS, or macOS periodically send ads with custom data structures.These structures are used to enable interaction with specific platforms of other devices within the BLE range. This technology works on Windows, iOS, and macOS systems, but the Android operating system is not affected.
Bluetooth usage is expected to increase from 4.2 billion to 5.2 billion between 2019 and 2022. Establishing an anti-tracking method is a research focus for researchers.