Bluetooth Exploit Enables Tracking on Windows PCs

Researchers at Boston University have discovered a vulnerability in the Bluetooth Low Energy (BLE) implementations of Microsoft and Apple devices. The vulnerability allows third-parties to determine the location and other sensitive information.

“We identified that devices running Windows 10, iOS or macOS regularly transmit advertising events containing custom data structures which are used to enable certain platform-specific interaction with other devices within BLE range,” the paper reads. “The address-carryover algorithm exploits the asynchronous nature of address and payload change, and uses unchanged identifying tokens in the payload to trace a new incoming random address back to a known device. In doing so, the address-carryover algorithm neutralizes the goal of anonymity in broadcasting channels intended by frequent address randomization.”

Most concerning is that fact that the communication is based completely on public, unencrypted advertising traffic, using the specification of BLE in the latest standard of Bluetooth 5. The scale of the privacy issues may even get worse, the report concluded.

Both manufacturers have yet to release a patch for any of the operating systems to alleviate the vulnerability.

How to Fix the Bluetooth Bug

The current workarounds include either disabling the Bluetooth service and/or routinely disabling the Bluetooth device’s connection, which will reset the advertising address and the token.

Syxsense can easily inventory Windows and Mac devices, show active Bluetooth controllers to easily provide insight on which devices may be affected, and even allow an action item such as pushing routine scripts via software distribution to automatically disable Bluetooth services.