Researchers have shown how simple it is to monitor and record Bluetooth low energy signals transmitted by phones and wearable devices, allowing the user to be easily identified and tracked.
Researchers at Context Information Security have demonstrated how easy it is to monitor and record Bluetooth Low Energy signals transmitted by many mobile phones, wearable devices and iBeacons, including the iPhone and leading fitness monitors, raising concerns about privacy and confidentiality. The researchers have even developed an Android app that scans, detects and logs wearable devices.
The app can be downloaded along with a detailed blog explaining the research at: www.contextis.co.uk/resources/blog/emergence-bluetooth-low-energy
The Context findings follow recent reports that soldiers in the People’s Liberation Army of China have been warned against using wearables to restrict the possibility of cyber-security loopholes. “Many people wearing fitness devices don’t realise that they are broadcasting constantly and that these broadcasts can often be attributed to a unique device,” said Scott Lester, a senior researcher at Context. “Using cheap hardware or a smartphone, it could be possible to identify and locate a particular device – that may belong to a celebrity, politician or senior business executive – within 100 metres in the open air. This information could be used for social engineering as part of a planned cyber attack or for physical crime by knowing people’s movements.”
Bluetooth Low Energy (BLE) was released in 2010 specifically for a range of new applications that rely on constantly transmitting signals without draining the battery. Like other network protocols it relies on identifying devices by their MAC addresses; but while most BLE devices have a random MAC address, Context researchers found that in most cases the MAC address doesn’t change. “My own fitness tracker has had the same MAC address since we started the investigation, even though it’s completely run out of battery once,” said Lester. Sometimes the transmitted packets also contain the device name, which may be unique, such as the ‘Garmin Vivosmart #12345678’, or even give the name of the user, such as ‘Scott’s Watch’.
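To check your own devices for the behaviour described above, the following added example (not code from Context's research or its app) classifies each advertised address by type and flags those that act as long-lived identifiers. The observation tuple layout, the function names and the sample scan data are assumptions constructed for illustration.

```python
from collections import defaultdict

# A BLE *random* address encodes its sub-type in its two most significant bits.
# Whether an address is public or random is signalled separately (the TxAdd bit
# of the advertising PDU), which scanners report as the "address type".
RANDOM_SUBTYPES = {0b11: "static", 0b01: "resolvable-private",
                   0b00: "non-resolvable-private"}

def address_kind(addr, is_random):
    """Classify an address given as 'AA:BB:CC:DD:EE:FF' (most significant byte first)."""
    if not is_random:
        return "public"
    top_bits = int(addr.split(":")[0], 16) >> 6
    return RANDOM_SUBTYPES.get(top_bits, "reserved")

def audit(observations, min_span_hours=24.0):
    """observations: (hours_since_start, address, is_random, name_or_None) tuples."""
    seen = defaultdict(lambda: {"times": [], "names": set(), "random": True})
    for hours, addr, is_random, name in observations:
        rec = seen[addr.upper()]
        rec["times"].append(hours)
        rec["random"] = is_random
        if name:
            rec["names"].add(name)
    report = {}
    for addr, rec in seen.items():
        kind = address_kind(addr, rec["random"])
        span = max(rec["times"]) - min(rec["times"])
        report[addr] = {
            "kind": kind,
            "span_hours": span,
            "names": sorted(rec["names"]),  # a broadcast name also identifies
            # Public and static addresses never rotate; any address seen for
            # longer than min_span_hours is not rotating in practice either.
            "stable_identifier": kind in ("public", "static")
                                 or span >= min_span_hours,
        }
    return report

# Constructed sample scan log, not captured data.
SAMPLE = [
    (0.0,   "E4:5F:01:AA:BB:CC", True,  "Scott's Watch"),
    (30.0,  "E4:5F:01:AA:BB:CC", True,  "Scott's Watch"),
    (200.0, "E4:5F:01:AA:BB:CC", True,  "Scott's Watch"),
    (0.0,   "5A:11:22:33:44:55", True,  None),
    (0.1,   "5A:11:22:33:44:55", True,  None),
    (30.0,  "6B:99:88:77:66:55", True,  None),
    (5.0,   "00:11:22:33:44:55", False, None),
]

if __name__ == "__main__":
    for addr, info in audit(SAMPLE).items():
        print(addr, info)
```

A device that shows up as `static` or `public`, or that broadcasts a personal name, has the traceability the researchers describe; a device using resolvable private addresses should appear under a new address at each rotation.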
BLE is also increasingly used in mobile phones and is supported by iOS 5 and later, Windows Phone 8.1, Windows 8, Android 4.3 and later, as well as the BlackBerry 10. The Bluetooth Special Interest Group (SIG) has predicted that, “By 2018, more than 90 percent of Bluetooth enabled smartphones are expected to be Smart Ready devices,” supporting BLE; while the number of Bluetooth-enabled passenger cars is also predicted to grow to over 50 million by 2016.
iBeacons, which also transmit BLE packets in order to identify a location, are already used in Apple Stores to tailor notifications to visiting customers, while BA and Virgin use iBeacons with their boarding pass apps to welcome passengers walking into the lounge with the WiFi password. House of Fraser is also trialling iBeacons on manikins to allow customers to look at the clothes and their prices on their phones. The current model for iBeacons is that they should not be invasive; you have to be running the application already, for it to detect and respond to a beacon. But the researchers have concerns: “It doesn’t take much imagination to think of a phone manufacturer providing handsets with an iBeacon application already installed, so your phone alerts you with sales notifications when you walk past certain shops,” said Lester.
The current version 4.2 of the Bluetooth Core Specification makes it possible for BLE to implement public key encryption and keep packet sizes down, while also supporting different authentication schemes. “Many BLE devices simply can’t support authentication and many of the products we have looked at don’t implement encryption, as this would significantly reduce battery life and increase the complexity of the application,” said Lester.
“It is clear that BLE is a powerful technology, which is increasingly being put to a wide range of uses,” concludes Context’s Lester. “While the ability to detect and track devices may not present a serious risk in itself, it certainly has the potential to compromise privacy and could be part of a wider social engineering threat. It is also yet another demonstration of the lack of thought that goes into security when companies are in a rush to get new technology products to market.”
Notre Dame, Scoop Makhathini, GoT, top week in search
From fire disaster to social media disaster, the top Google searches this week covered a wide gamut of themes.
Paris and the whole world looked on in shock as the 856-year-old medieval Catholic cathedral crumbled into ash. The tragic infernal destruction of this tourist attraction of historical and religious significance led South Africans to generate more than 200 000 search queries for “Notre Dame Cathedral” on Monday. Authorities are investigating the cause of the fire that razed the architectural icon.
In other top trending searches on Google this week, radio presenter Siyabonga Ngwekazi, AKA Scoop Makhathini, went viral when it appeared he had taken to Twitter to expose his girlfriend, Akhona Carpede, for cheating on him. Scoop has since come out to say that he was not responsible for the bitter rant and that his account was hacked. “Scoop Makhathini” generated more than 20 000 search queries on Wednesday.
Fans generated more than 20 000 search queries for “Sam Smith” on Tuesday ahead of the British superstar’s Cape Town performance at the Grand West Casino. Smith ended up cutting his performance short that night due to vocal strain.
Local Game of Thrones superfans were beside themselves on Sunday, searching the internet high and low for the first episode of the American fantasy drama’s eighth season. “Game of Thrones, season 8, episode 1” generated more than 100 000 queries on Google Search on the weekend.
As the festivities kicked off in California with headliners such as Childish Gambino and Ariana Grande, South Africans generated more than 2 000 search queries for “Coachella” on Saturday.
South Africans generated more than 5 000 search queries for “Wendy Williams” on Friday as it emerged that the American talk show host had filed for divorce from her husband Kevin Hunter after 21 years of marriage. Hunter has long been rumored to have been cheating on Williams, which reportedly finally led to the divorce.
Search trends information is gleaned from data collated by Google based on what South Africans have been searching for and asking Google. Google processes more than 40 000 search queries every second. This translates to more than a billion searches per day and 1.2 trillion searches per year worldwide. Live Google search trends data is available at https://www.google.co.za/trends/hottrends#pn=p40
5G smartphones to hit 5M sales in 2019
According to the latest research from Strategy Analytics, global 5G smartphone shipments will reach a modest 5 million units in 2019. Early 5G smartphone models will be expensive and available in limited volumes. Samsung, LG and Huawei will be the early 5G smartphone leaders this year, followed by Apple next year.
Ken Hyers, Director at Strategy Analytics, said, “We forecast global 5G smartphone shipments will reach a modest 5 million units in 2019. Less than 1 percent of all smartphones shipped worldwide will be 5G-enabled this year. Global 5G smartphone shipments are tiny for now, due to expensive device pricing, component bottlenecks, and restricted availability of active 5G networks.”
Ville Petteri-Ukonaho, senior analyst at Strategy Analytics, added, “Samsung will be the early 5G smartphone leader in the first half of 2019, due to initial launches across South Korea and the United States. We predict LG, Huawei, Xiaomi, Motorola and others will follow later in the year, followed by Apple iPhone with its first 5G model during the second half of 2020. The iPhone looks set to be at least a year behind Samsung in the 5G smartphone race and Apple must be careful not to fall too far behind.”
Neil Mawston, executive director at Strategy Analytics, added, “The short-term outlook for 5G smartphones is weak, but the long-term opportunity remains huge. We forecast 1 billion 5G smartphones to ship worldwide per year by 2025. The introduction of 5G networks, by carriers like Verizon or China Mobile, opens up high-speed, ultra-low-latency services such as 8K video, streaming games, and augmented reality for business. The next big question for the mobile industry is how much extra consumers are really willing to pay, if anything, for those emerging 5G smartphones and services.”
Strategy Analytics provides a snapshot analysis of the outlook for the 5G smartphone market in this Insight report: 5G Smartphones : From Zero to a Billion
Strategy Analytics provides a deep-dive into the air-interface technologies that will power phones through 2024 across 88 countries here: Global Handset Sales Forecast by 88 Countries and 19 Technologies : 2003 to 2024