The recently released Bluetooth 5.1 specification introduces fine-grained positioning capabilities in this wireless technology, which is deemed essential to context-/location-based Internet of Things (IoT) applications. In this paper, we evaluate experimentally, for the first time, the accuracy of a positioning system based on the Angle of Arrival (AoA) mechanism adopted by the Bluetooth standard. We first scrutinize the fidelity of angular detection and then assess the feasibility of using angle information from multiple fixed receivers to determine the position of a device. Our results reveal that angular detection is limited to a restricted range. On the other hand, even in a simple deployment with only two antennas per receiver, the AoA-based positioning technique can achieve sub-meter accuracy; yet attaining localization within a few centimeters remains a difficult endeavor. We then demonstrate that a malicious device may be able to easily alter the truthfulness of the measured AoA, by tampering with the packet structure. To counter this protocol weakness, we propose simple remedies that are missing in the standard, but which can be adopted with little effort by manufacturers, to secure the Bluetooth 5.1 positioning system.
Bluetooth Classic (BT) remains the de facto connectivity technology in car stereo systems, wireless headsets, laptops, and a plethora of wearables, especially for applications that require high data rates, such as audio streaming, voice calling, tethering, etc. Unlike in Bluetooth Low Energy (BLE), where address randomization is a feature available to manufactures, BT addresses are not randomized because they are largely believed to be immune to tracking attacks. We analyze the design of BT and devise a robust de-anonymization technique that hinges on the apparently benign information leaking from frame encoding, to infer a piconet's clock, hopping sequence, and ultimately the Upper Address Part (UAP) of the master device's physical address, which are never exchanged in clear. Used together with the Lower Address Part (LAP), which is present in all frames transmitted, this enables tracking of the piconet master, thereby debunking the privacy guarantees of BT. We validate this attack by developing the first Software-defined Radio (SDR) based sniffer that allows full BT spectrum analysis (79 MHz) and implements the proposed de-anonymization technique. We study the feasibility of privacy attacks with multiple testbeds, considering different numbers of devices, traffic regimes, and communication ranges. We demonstrate that it is possible to track BT devices up to 85 meters from the sniffer, and achieve more than 80% device identification accuracy within less than 1 second of sniffing and 100% detection within less than 4 seconds. Lastly, we study the identified privacy attack in the wild, capturing BT traffic at a road junction over 5 days, demonstrating that our system can re-identify hundreds of users and infer their commuting patterns.
Passive device-free localization of a person exploiting the Channel State Information (CSI) from Wi-Fi signals is quickly becoming a reality. While this capability would enable new applications and services, it also raises concerns about citizens' privacy. In this work, we propose a carefully-crafted obfuscating technique against one of such CSI-based localization methods. In particular, we modify the transmitted I/Q samples by leveraging an irreversible randomized sequence. I/Q symbol manipulation at the transmitter distorts the location-specific information in the CSI while preserving communication, so that an attacker can no longer derive information on user's location. We test this technique against a Neural Network (NN)-based localization system and show that the randomization of the CSI makes undesired localization practically unfeasible. Both the localization system and the randomization CSI management are implemented in real devices. The experimental results obtained in our laboratory show that the considered localization method (first proposed in an MSc thesis) works smoothly regardless of the environment, and that adding random information to the CSI mess up the localization, thus providing the community with a system that preserve location privacy and communication performance at the same time. CCS CONCEPTS• Networks → Network protocols; Link-layer protocols; • Security and privacy → Human and societal aspects of security and privacy; Privacy protections;
Channel State Information (CSI)-based localization with 802.11 has been proven feasible in multiple scenarios and is becoming a serious threat to people's privacy in workplaces, at home, and maybe even outdoors. Countering unauthorized localization without hampering communications is a non-trivial task, although some very recent works suggest that it is feasible with marginal modification of the 802.11 transmission chain, but this requires modifying 802.11 devices. Furthermore, if the attacker controls two devices and not just a receiver, transmission side signal manipulation cannot help. This work explores the possibility of countering CSI based localization with an active device that, instead of jamming signals to avoid that a malicious receiver exploits CSI information to locate a person, superimpose on frames a copy of the same frame signal whose goal is not destroying reception as in jamming, but only obfuscate the location-relevant information carried by the CSI. A prototype implementation and early results look promising; they show the feasibility of location obfuscation with high efficiency and excellent preservation of communication performance, and indicate that the technique works both against passive attacks, where the attacker controls only a receiver, and active ones, where he/she controls both a transmitter and a receiver. These results pave the road for further research on smart spaces that preserve users' privacy with a technical solution and not only via legal prescriptions.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.