The vulnerability is such that devices using BLE technology can be physically tracked from anywhere within a radius of 100 meters of the device. Affected devices include iPhones, Apple’s iBeacons and a growing list of wearable devices that monitor fitness activity, heart rate and more, all of which use BLE to sync and work with mobile applications.
Bluetooth Low Energy
Developed by the Bluetooth Special Interest Group, Bluetooth Low Energy is a popular technology that is being adopted by new mobile devices and wearables everywhere. It is a proprietary personal wireless technology.
Recently, China banned its entire armed forces from using wearable tech that is connected to the internet, after finding loopholes and vulnerabilities in the technology. In the course of their study, researchers from Context developed their own app to show just how easily BLE signals can be captured, monitored remotely and recorded.
Scott Lester, a senior security researcher at Context, said: “Many people wearing fitness devices don’t realize that they are broadcasting constantly and that these broadcasts can often be attributed to a unique device.”
“Using cheap hardware or a smartphone, it could be possible to identify and locate a particular device – that may belong to a celebrity, politician or senior business executive – within 100 meters in the open air.
“This information could be used for social engineering as part of a planned cyber-attack or for physical crime by knowing people’s movements.”
Ramble, the app developed by Context, has been shown to collect data from nearly 150 individual devices in a half-hour stretch. Devices that were compromised included the iPhone, FitBit, Jawbone and others that specifically use BLE.
The security firm also pointed out that BLE has been supported on smartphones running Android 4.3 (Jelly Bean) and above, Windows 8 and 8.1, as well as BlackBerry 10.
The reason for the leak
When BLE became available in 2010, it was heralded as a leap in wireless technology because it allowed applications that fundamentally rely on constantly transmitting signals to do so without draining the battery.
The reason BLE-enabled devices are particularly vulnerable, Lester claims, is static MAC (media access control) addresses. While most devices have dynamic, changing MAC addresses, the address doesn’t change on BLE devices.
“My own fitness tracker has had the same MAC address since we started the investigation, even though it’s completely run out of battery once,” Lester said.
“Sometimes the transmitted packets also contain the device name, which may be unique, such as the ‘Garmin Vivosmart #12345678’, or even give the name of the user, such as ‘Scott’s Watch’.”
“While the ability to detect and track devices may not present a serious risk in itself, it certainly has the potential to compromise privacy and could be part of a wider social engineering threat,” Lester adds.
Bluetooth SIG, the developer of the BLE technology, has yet to comment on the reported vulnerability.
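The address behaviour Lester describes can be checked on a device you are evaluating by classifying what it advertises. The following Python is an added example, not code from Context or from the original article; the observation records, the issue labels and the 900-second threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample observations (not real captures):
# (seconds since start, advertiser address, TxAdd bit from the PDU header, local name)
# TxAdd 0 = public address, 1 = random address.
OBSERVATIONS = [
    (0,    "C8:0F:10:AA:BB:01", 0, "Scott's Watch"),
    (1800, "C8:0F:10:AA:BB:01", 0, "Scott's Watch"),
    (0,    "F3:21:9C:00:11:22", 1, None),
    (1800, "F3:21:9C:00:11:22", 1, None),
    (0,    "5A:7E:01:02:03:04", 1, None),
    (600,  "5A:7E:01:02:03:04", 1, None),
    (0,    "4C:10:20:30:40:50", 1, "Garmin Vivosmart #12345678"),
    (1800, "4C:10:20:30:40:50", 1, "Garmin Vivosmart #12345678"),
]

KINDS = {0b11: "random-static", 0b01: "resolvable-private",
         0b00: "non-resolvable-private", 0b10: "reserved"}

def address_kind(address, txadd):
    """Classify an address; for random addresses the two most
    significant bits select the subtype (Bluetooth Core Specification)."""
    if txadd == 0:
        return "public"
    return KINDS[int(address.split(":")[0], 16) >> 6]

def audit(observations, max_private_lifetime=900):
    """Return {address: (kind, issues)}. max_private_lifetime (seconds) is an
    assumed audit threshold for how long a private address may stay in use."""
    seen = defaultdict(lambda: {"times": [], "txadd": 0, "names": set()})
    for ts, addr, txadd, name in observations:
        rec = seen[addr]
        rec["times"].append(ts)
        rec["txadd"] = txadd
        if name:
            rec["names"].add(name)
    report = {}
    for addr, rec in seen.items():
        kind = address_kind(addr, rec["txadd"])
        issues = []
        if kind in ("public", "random-static"):
            issues.append("stable-address")  # never changes: a fixed identifier
        elif max(rec["times"]) - min(rec["times"]) > max_private_lifetime:
            issues.append("private-address-not-rotating")
        if rec["names"]:
            issues.append("name-in-advertisement")
        report[addr] = (kind, issues)
    return report

if __name__ == "__main__":
    for addr, (kind, issues) in audit(OBSERVATIONS).items():
        print(addr, kind, ", ".join(issues) or "ok")
```

A device that reports no issues here uses a private address that changed within the threshold and advertises no local name, so its broadcasts are harder to attribute to one unit.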