Imagine walking through a bustling airport, your headphones playing music, your phone in your pocket, and your AirTag safely tucked into your bag. What if someone could track your every step—not through GPS or cameras—but by decoding the unique "fingerprints" of your devices' signals?
Tracking devices in busy IoT environments like train stations, airports, or transit hubs raises significant privacy concerns. Continuous tracking of Bluetooth devices could reveal a person’s movements and habits, even though technologies like MAC address randomization are designed to protect privacy. However, advanced techniques are emerging that can bypass these safeguards. For example, device fingerprinting analyzes details beyond just the MAC address, such as unique patterns in broadcast data. Certain Apple devices, like AirTags, AirPods, or iPhones, often send signals with slight variations that can act as identifiers.
Some Sources to consider:
[1] Ankit Gangwal, Shubham Singh, Riccardo Spolaor, Abhijeet Srivastava. "BLEWhisperer: Exploiting BLE Advertisements for Data Exfiltration." In European Symposium on Research in Computer Security, pp. 698-717. Cham: Springer International Publishing, 2022.
[2] Becker JK, Li D, Starobinski D. Tracking anonymized bluetooth devices. Proceedings on Privacy Enhancing Technologies. 2019.
[3] Santana-Cruz RF, Moreno-Guzman M, Rojas-López CE, Vázquez-Morán R, Vázquez-Medina R. Bluetooth Device Identification Using RF Fingerprinting and Jensen-Shannon Divergence. Sensors. 2024.
Supervisors: Katharina O. E. Müller
back to the main page