Your phones Bluetooth signal can be tracked, even when unpaired

A paper on the Bluetooth signal tracking titled "Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices" was recently presented at the IEEE Security & Privacy conference in Oakland, California, on May 24th, 2022.

Researchers from the University of California San Diego have found Bluetooth Low Energy (BLE) signals are constantly emitted by mobile devices, generating a unique fingerprint that attackers can use to track an individual's movements. This covers smartphones, smartwatches, and fitness trackers, all of which transmit roughly 500 "Bluetooth beacons" per minute.

The unique fingerprint results from minute manufacturing imperfections in device hardware, which uniquely distorts the Bluetooth signal, allowing attackers to bypass anti-tracking techniques like constantly changing network addresses. Across their experiments, they found that 40%-47% of devices were uniquely identifiable and could track a volunteer as they left their residence.

"This is important because in today's world Bluetooth poses a more significant threat as it is a frequent and constant wireless signal emitted from all our personal mobile devices," said Nishant Bhaskar, a Ph.D. student in the UC San Diego Department of Computer Science and Engineering and one of the paper's lead authors.

"As far as we know, the only thing that definitely stops Bluetooth beacons is turning off your phone," said Bhaskar.

You can read more from the study here.