A security vulnerability in the Bluetooth communication protocol has the potential to allow malicious actors to track and identify devices from Apple and Microsoft. Strangely, Android devices seem to be immune from this vulnerability. Here’s what ZDNet had to say:
According to the research paper, Tracking Anonymized Bluetooth Devices (.PDF), many Bluetooth devices will use MAC addresses when advertising their presence to prevent long-term tracking, but the team found that it is possible to circumvent the randomization of these addresses to permanently monitor a specific device.
Identifying tokens are usually in place alongside MAC addresses and a new algorithm developed by Boston University, called an address-carryover algorithm, is able to “exploit the asynchronous nature of payload and address changes to achieve tracking beyond the address randomization of a device.”
Well, that’s not good to say the least. It isn’t clear if this has been used in the wild. But I guarantee that Microsoft and Apple are looking at this paper very closely. That’s because the fact that Android devices seem not to be affected by this means that they have a problem that they need to fix. And it will be interesting to see how fast they will respond to this.
Like this:
Like Loading...
Related
This entry was posted on July 18, 2019 at 9:03 am and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Bluetooth Vulnerability Could Allow Windows, iOS, & macOS Devices To Be Tracked & Identified
A security vulnerability in the Bluetooth communication protocol has the potential to allow malicious actors to track and identify devices from Apple and Microsoft. Strangely, Android devices seem to be immune from this vulnerability. Here’s what ZDNet had to say:
According to the research paper, Tracking Anonymized Bluetooth Devices (.PDF), many Bluetooth devices will use MAC addresses when advertising their presence to prevent long-term tracking, but the team found that it is possible to circumvent the randomization of these addresses to permanently monitor a specific device.
Identifying tokens are usually in place alongside MAC addresses and a new algorithm developed by Boston University, called an address-carryover algorithm, is able to “exploit the asynchronous nature of payload and address changes to achieve tracking beyond the address randomization of a device.”
Well, that’s not good to say the least. It isn’t clear if this has been used in the wild. But I guarantee that Microsoft and Apple are looking at this paper very closely. That’s because the fact that Android devices seem not to be affected by this means that they have a problem that they need to fix. And it will be interesting to see how fast they will respond to this.
Share this:
Like this:
Related
This entry was posted on July 18, 2019 at 9:03 am and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.