Your smartphone or laptop gives off unique Bluetooth radio signals that can be identified and used to track your device’s location, says a new research study. Just turning Bluetooth off can’t always prevent this — some devices, especially Apple ones, might need to be totally powered off.
When Bluetooth is turned on, all mainstream smartphones, laptops, and smartwatches do their best to try to keep you anonymous through randomizing network addresses and other means. But there’s enough variation in the physical radio signals sent out by each device to be able to uniquely “fingerprint” individual devices much of the time, says the University of California, San Diego study.
“These applications use cryptographic anonymity that limit an adversary’s ability to use these beacons to stalk a user,” the study says. “However, attackers can bypass these defenses by fingerprinting the unique physical-layer imperfections in the transmissions of specific devices.”
“Even when there are hundreds of devices we encountered in the field, it is still feasible to track a specific mobile device by its physical-layer fingerprint,” the study notes. It did caution that certain devices had similar fingerprints, which could lead to misidentification.
Some devices were easier to fingerprint than others. While iPhones tended to have similar-looking fingerprints, they were substantially “louder” than Android devices, sending out stronger Bluetooth signals and being detectable at greater distances.
Study leaders Hadi Givehchian and Nishant Bhaskar told The Register that the equipment needed to track these devices would cost about $200. They found that picking out individual devices using Bluetooth signals in public places was not that efficient — they were able to identify devices only between 40% and 50% of the time.
However, once a device’s Bluetooth signal profile was known, the researchers said, they were able to follow the device around town with an accuracy rate of 96%.
The study, entitled “Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices,” will be formally presented at the IEEE Symposium on Security and Privacy in May 2022.
Nonetheless, there are limits to this method, the study admits. It works best “for specific devices with extremely unique fingerprints, and when the target device has a relatively stable temperature.”
The study calls these Bluetooth signals “beacons,” but they’re not the same as the Bluetooth beaconing devices that some stores and restaurants place on-premises to send one-way communications to smartphones.
Rather, the “beacons” in this study are two-way communications between devices that are meant to be anonymized so that third parties can’t tell which devices are sending the signals.
What you can do to prevent Bluetooth tracking
How much you can do to prevent your phone from being tracked this way depends on your platform. Because the main use case for this technology on Android phones is for COVID-19 tracking apps, you can simply turn off or not install such apps.
Windows has a function that uses Bluetooth Low Energy (BLE) and Wi-Fi to transmit information between nearby devices, though it seems to be seldom used. To turn it off, go into Settings > Privacy > Other devices (you’ll need to scroll down the left-hand navigation bar) and turn off “Communicate with unpaired devices.”
On both Windows and Android, switching off Bluetooth in Settings or in the Quick Settings or Taskbar should limit Bluetooth “beaconing.”
Not so for Apple devices, apparently, including iPhones, Mac or Apple Watches. Bluetooth signals are used by Apple for its Find My and AirDrop features, as well as its Continuity protocol that lets you smoothly shift from working on one Apple device onto another. Some of those functions will continue to operate and send out signals even if you manually turn off Bluetooth.
“On some Apple devices, disabling Bluetooth in the Control Center (the menu accessed by swiping down from the top of the screen) may not stop it from beaconing,” study leaders Hadi Givehchian and Nishant Bhaskar told The Register. The only method that’s certain is “powering down a personal [device] entirely.”
The latest iteration of Find My that came with iOS 15 can even locate some recent iPhones that have been powered off or factory reset, as long as other Apple devices are nearby. Apple hasn’t said how that works or whether it involves Bluetooth.
It’s likely that you might be able to disable Bluetooth signal “beaconing” by turning off Find My in your Apple account. But that takes away one of the benefits of owning an Apple device.
We’ve reached out to Apple for comment and will update this story when we receive a reply.