Tracking The Identity of Devices By Their Bluetooth Signal Footprint
Even though the broadcast address has been randomized
Within BLE (Bluetooth Low Energy), a device periodically randomizes the address it advertises with, so that a passive listener cannot track it by address alone. This randomization can sometimes be overcome by other means, such as counters carried in the packets or the timing of the address rotations. In a new paper, the researchers break the address randomization using the Received Signal Strength Indication (RSSI) [here]:
The RSSI measurements are taken from the device's advertising packets, and each newly seen address is linked to previous traces in order to re-identify the device. This gives an RSSI fingerprint for the device. The fingerprint depends on the geometry between the device and the sniffer, so it is strongest when both are stationary: for devices which do not move, the paper reports a 99% accuracy rate in correctly re-identifying a device.
Figure 2 shows the signal strength monitored from a device that is rotating its address to hide its identity. In this case, the address AA:AA:AA:AA:AA:AA has been mapped to BB:BB:BB:BB:BB:BB through RSSI monitoring of the advertising packets. RSSI is measured in dBm, which is the signal power relative to 1 mW. A 3 dB drop halves the power, so -3 dBm is about 0.5 mW, -6 dBm is about 0.25 mW, and…
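The linking step described above can be sketched in a few dozen lines. The following Python is an added example and is not code from the paper or from this post: it builds a per-address RSSI fingerprint (mean and spread of the advertising RSSI) and, when one address stops advertising and another starts shortly afterwards with a matching fingerprint, links the new address to the old one. The advertising trace, the 5 s rotation gap and the 3 dB tolerance are all constructed assumptions for illustration; the paper's own matching is more involved than a mean comparison.

```python
"""Re-identify a BLE advertiser across address rotations from RSSI alone.

Added example, not the paper's code. The trace below is constructed:
two stationary devices (about -60 dBm and -81 dBm) each rotate their
random address at about 10 s intervals, and a third device appears later.
"""
from dataclasses import dataclass
from statistics import fmean, pstdev
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Advert:
    t: float    # seconds since capture start
    addr: str   # random private address as seen on air
    rssi: int   # received signal strength in dBm


def dbm_to_mw(dbm: float) -> float:
    """0 dBm is 1 mW; every -3 dB roughly halves the power."""
    return 10 ** (dbm / 10)


def fingerprint(pkts: List[Advert]) -> Tuple[float, float]:
    """RSSI fingerprint of one address: (mean dBm, population std dev)."""
    rssis = [p.rssi for p in pkts]
    return fmean(rssis), pstdev(rssis)


def link_rotations(adverts: List[Advert], max_gap: float = 5.0,
                   tolerance_db: float = 3.0) -> Dict[str, str]:
    """Map each rotated address to the address it most likely replaced.

    A new address B is linked to an old address A when A stopped within
    max_gap seconds before B first appeared and their mean RSSI differs by
    at most tolerance_db. Each old address is linked at most once; among
    several candidates the closest RSSI wins. Thresholds are assumptions.
    """
    by_addr: Dict[str, List[Advert]] = {}
    for a in sorted(adverts, key=lambda x: x.t):
        by_addr.setdefault(a.addr, []).append(a)
    # One "session" per address, ordered by first appearance.
    sessions = sorted(by_addr.items(), key=lambda kv: kv[1][0].t)
    links: Dict[str, str] = {}
    consumed = set()
    for addr, pkts in sessions:
        first_seen = pkts[0].t
        mu, _ = fingerprint(pkts)
        best: Optional[Tuple[str, float]] = None
        for prev_addr, prev_pkts in sessions:
            if prev_addr == addr or prev_addr in consumed:
                continue
            gap = first_seen - prev_pkts[-1].t  # negative => still active
            if not 0 <= gap <= max_gap:
                continue
            delta = abs(mu - fingerprint(prev_pkts)[0])
            if delta <= tolerance_db and (best is None or delta < best[1]):
                best = (prev_addr, delta)
        if best is not None:
            links[addr] = best[0]
            consumed.add(best[0])
    return links


def resolve_identity(links: Dict[str, str], addr: str) -> str:
    """Follow the link chain back to the first address this device used."""
    seen = set()
    while addr in links and addr not in seen:
        seen.add(addr)
        addr = links[addr]
    return addr


def _burst(addr: str, t0: float, rssis: List[int]) -> List[Advert]:
    return [Advert(t0 + i, addr, r) for i, r in enumerate(rssis)]


# Constructed capture: AA -> BB -> EE is one device, CC -> DD another,
# FF is an unrelated device that shows up mid-capture.
ADVERTS: List[Advert] = (
    _burst("AA:AA:AA:AA:AA:AA", 0.0, [-59, -61, -60, -62, -58, -60, -61, -59, -60, -60])
    + _burst("CC:CC:CC:CC:CC:CC", 0.5, [-80, -82, -81, -83, -79, -81, -80, -82, -81, -81])
    + _burst("BB:BB:BB:BB:BB:BB", 10.2, [-61, -60, -59, -60, -62, -60, -58, -61, -60, -59])
    + _burst("DD:DD:DD:DD:DD:DD", 10.7, [-82, -81, -80, -81, -83, -81, -79, -82, -81, -80])
    + _burst("FF:FF:FF:FF:FF:FF", 15.0, [-70, -71, -69])
    + _burst("EE:EE:EE:EE:EE:EE", 20.5, [-60, -59, -61, -60, -60, -62, -58, -61, -59, -60])
)

if __name__ == "__main__":
    links = link_rotations(ADVERTS)
    for new, old in links.items():
        print(f"{new} <- {old}  (device {resolve_identity(links, new)})")
    print(f"-3 dBm = {dbm_to_mw(-3):.3f} mW")
```

The FF address is left unlinked because no address went quiet within the gap window before it appeared, which is the behaviour you want for a genuinely new device. The obvious weakness, and the reason the paper's headline figure is for stationary devices, is that two devices at similar range from the sniffer produce overlapping fingerprints, and a device that moves between rotations will not match its own earlier trace.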