Can leaving Bluetooth on expose your privacy? Wearable Bluetooth devices hide more risks


Release time: 2021-11-12

Bluetooth headsets, Bluetooth bracelets, in-car Bluetooth... Since its inception, Bluetooth technology has not only solved many data transmission problems but also opened the door to wireless life, finding its way into all kinds of smart devices for all ages. But while this technology brings convenience to our lives, it also brings some security risks. According to foreign media reports, researchers from Boston University recently discovered a vulnerability in the Bluetooth communication protocol on Bluetooth devices such as Fitbit smart bracelets, which can lead to the theft of sensitive personal information and allow third parties to track the location of the device. These data are likely to be used by "interested people". Considering the high penetration rate of Bluetooth products, experts suggest that users should be vigilant in this regard.

So, what is this vulnerability? What other security risks exist in Bluetooth devices? How should consumers and technology manufacturers guard against the related technical risks? The reporter of Science and Technology Daily interviewed relevant experts.

Trademark information causes devices to be tracked

So what exactly is the vulnerability that the Boston University researchers identified?

"This vulnerability is related to the pipe through which Bluetooth devices establish communication connections." Huang Xinyi, deputy director of Fujian Key Laboratory of Network Security and Cryptography and professor of Fujian Normal University, explained that establishing a communication connection between a Bluetooth device and a target terminal device requires a "pairing, connection, data transmission" process. In this process, signals such as Bluetooth state changes, device searches and device binding are received via broadcast, and attackers can "listen" to the broadcast information of Bluetooth devices in the wireless network. If it can be determined that there is only one user within a certain range, the Bluetooth signal and Bluetooth address the attacker finds within that range can only belong to that user, which establishes a one-to-one correspondence between the Bluetooth device and the user.

"The Bluetooth address in some Bluetooth devices is unique. Once this address is associated with the user, his actions can be recorded, and user privacy is difficult to guarantee." Huang Xinyi said that even if the user is no longer using the Bluetooth device in the original location, the attacker can still tell which Bluetooth data belongs to the user as long as the Bluetooth address of the device has been "targeted."

"On most devices, the Bluetooth address is periodically reset randomly to cut off the correspondence between the device and the user." Qin Mingchuang, an expert on the Unicorn security team of the 360 Security Research Institute, said that according to the latest research results released by researchers at Boston University, the newly found vulnerability in the Bluetooth communication standard lies in the identification function of Bluetooth. The vulnerability does not require the attacker to actively send data packets; "listening" on the Bluetooth broadcast channel is enough to "track" a device.

Why can an attacker still find the original user after the Bluetooth device address is randomly changed? "In order to be able to 'recognize' their own devices, some manufacturers put some device-related information, such as product trademarks, into the randomized Bluetooth address and broadcast information, so the device can still be traced," Qin Mingchuang said.

Yin Wenxu, an expert from the Unicorn security team of the 360 Security Research Institute, gave an example: some of the data in the Bluetooth packets broadcast by the Windows 10 system differs from device to device and changes periodically. Like the randomized Bluetooth address, it is intended to prevent tracking by "interested people". However, the period on which this data changes is not synchronized with the period on which the Bluetooth address changes. Through careful analysis, attackers can associate the two and track the device continuously.
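
The desynchronized rotation described above can be checked for directly. The following is an added example, not code from the researchers or from this article: an audit a manufacturer could run over advertisements captured from its own test device, confirming that the address and the per-device payload data always rotate in the same step. The log format, the names `simulate` and `audit_rotation`, and the rotation periods are constructed for illustration and are not measurements of any real product.

```python
from typing import Dict, List, Tuple

# One observed advertisement: (time in seconds, advertising address, payload token).
Adv = Tuple[int, str, str]

def simulate(addr_period: int, token_period: int,
             duration: int = 3600, step: int = 60) -> List[Adv]:
    """Constructed log for ONE test device whose address and payload token
    each rotate on their own timer (periods in seconds are illustrative)."""
    return [(t, f"addr-{t // addr_period}", f"tok-{t // token_period}")
            for t in range(0, duration, step)]

def audit_rotation(log: List[Adv]) -> Dict[str, int]:
    """Walk consecutive advertisements and report how far they can be linked.

    A linkable run only ends when address AND token change in the same step.
    If just one of them changes, the unchanged value bridges the old and new
    identity, which is the desynchronization described in the article."""
    runs, bridged = 1, 0
    run_start, longest = log[0][0], 0
    for (t0, a0, k0), (t1, a1, k1) in zip(log, log[1:]):
        addr_changed, token_changed = a0 != a1, k0 != k1
        if addr_changed and token_changed:      # clean break: new pseudonym
            longest = max(longest, t0 - run_start)
            runs, run_start = runs + 1, t1
        elif addr_changed or token_changed:     # one identifier carried over
            bridged += 1
    longest = max(longest, log[-1][0] - run_start)
    return {"linkable_runs": runs, "bridged_rotations": bridged,
            "longest_run_seconds": longest}

if __name__ == "__main__":
    print("unsynchronized:", audit_rotation(simulate(900, 1500)))
    print("synchronized:  ", audit_rotation(simulate(900, 900)))
```

A device passes the audit when `bridged_rotations` is 0, meaning no rotation left one identifier in place to connect the old identity to the new one.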