The locations of smartphones can be tracked by means of transmitted Bluetooth signals. However, recent research also shows that it is not trivial.
A group of researchers from the University of San Diego in California has shown that smartphones and thus also people can be tracked using Bluetooth. The identification of the smartphone becomes possible because a chipset is installed during production, which has received a physical fingerprint in production. In order to carry out the attack, a so-called software defined Radio Sniffer is required. These radio receivers can record raw signals. The attack is possible because every smartphone emits so-called Bluetooth Low Energy beacons. These signals are sent continuously and are used, for example, for contact tracing. During production, these beacons and Wi-Fi are integrated into the same chip. Since Wi-Fi requires a unique identification of the device, this is also possible with Bluetooth.
However, there are some challenges in the practical implementation of the attack. The unique identification depends not only on the chipset installed in the smartphone to be tracked, but also on the devices in the immediate vicinity. Also important are the different transmission powers of Android smartphones and iPhones, the temperature of the devices and the quality of the radio signals. The researchers have found that some devices have a very specific fingerprint and are therefore easy to identify. Other smartphones, on the other hand, use a very similar fingerprint and are therefore difficult to identify, especially in busy environments. Bluetooth thus basically represents a danger for location tracking. However, it is extremely difficult for the attacker to identify and track the correct target. The researchers therefore do not assume that there will be such attacks in the future.
Basically, security issues related to Bluetooth are nothing new. Among other things, there were attacks on Tesla cars. These allowed the attackers to gain access to the cars. Many other electronic devices have also been attacked. Currently, there are no real security mechanisms available for the technology. It could be that Bluetooth will be replaced by another technology in the near future. However, it is questionable whether there will not also be security gaps there.