Bluetooth LE devices can be tracked

A group of researchers from Boston University has published a scientific article in which they show how they have managed to bypass the anti-tracking protection system for Bluetooth Low Energy (BLE) devices, present since the Bluetooth 4.0 standard.

BLE devices use non-encrypted public channels to announce their presence to other devices and, to avoiding tracking or identification, employ a Media Access Control (MAC) randomization feature instead of using their permanent MAC address.

The flaw, which could be extended to the new Bluetooth 5.0 standard, is present in this randomization feature, because it is possible to extract identifying tokens from payloads sent messages and use them to track the device.

The researchers recommend that manufacturers implement measures to improve the safety of devices, in the paper published present some guidelines and improvements that could be applied to remedy this failure.