short-paper

Privacy in the Mobile World: An Analysis of Bluetooth Scan Traces

Authors:

Heng Zhang,

Amiya K. Maji,

Saurabh BagchiAuthors Info & Claims

CPSIOTSEC'20: Proceedings of the 2020 Joint Workshop on CPS&IoT Security and Privacy

Pages 61 - 65

https://doi.org/10.1145/3411498.3419962

Published: 09 November 2020 Publication History

Get Access

Abstract

Bluetooth-enabled smartphones, wearable devices, as well as consumer electronics devices, are pervasive nowadays. Due to the low power consumption of Bluetooth hardware, users often leave Bluetooth enabled on their personal devices all the time. We find that even though the devices themselves may be protected against unauthorized connections, neighboring Bluetooth signals may still leak personal information. More specifically, a malicious smartphone application can easily obtain permission to perform Bluetooth scanning and then build a temporal trace of the number of active Bluetooth devices in the vicinity of a user. By collecting and analyzing data from 49 smartphone users over two weeks, we found that traces from different devices have little overlap and can, therefore, be used to identify a device with high likelihood. Moreover, Bluetooth advertisements from nearby devices can reveal what products the user may own making her susceptible to targeted advertisements. By comparing Bluetooth traces from multiple devices, the adversary can learn a user's location even if she does not give explicit permission to share her location. We also analyzed a public Bluetooth dataset to find similarities and differences with the conclusions drawn from our dataset. Our dataset has been publicly released for the scientific community.

References

[1]

2019. Two Weeks Bluetooth Low Energy Dataset. https://github.com/ purdue-dcsl/bluetooth-trace

Google Scholar

[2]

Wahhab Albazrqaoe, Jun Huang, and Guoliang Xing. 2016. Practical bluetooth traffic sniffing: Systems and privacy implications. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services. ACM, 333--345.

Digital Library

Google Scholar

[3]

Inc. Bluetooth SIG. 2015. Bluetooth Technology Protecting Your Privacy. https://www.bluetooth.com/blog/bluetooth-technology-protecting-your-privacy/

Google Scholar

[4]

William S Cleveland. 1979. Robust locally weighted regression and smoothing scatterplots. Journal of the American statistical association, Vol. 74, 368 (1979), 829--836.

Crossref

Google Scholar

[5]

Aveek K Das, Parth H Pathak, Chen-Nee Chuah, and Prasant Mohapatra. 2016. Uncovering privacy leakage in ble network traffic of wearable fitness trackers. In Proceedings of the 17th International Workshop on Mobile Computing Systems and Applications. ACM, 99--104.

Digital Library

Google Scholar

[6]

Kassem Fawaz, Kyu-Han Kim, and Kang G Shin. 2016. Protecting Privacy of {BLE} Device Users. In 25th {USENIX} Security Symposium ({USENIX} Security 16). 1205--1221.

Google Scholar

[7]

Inc Fitbit. 2019. Fitbit. https://play.google.com/store/apps/details?id=com.fitbit.FitbitMobile&hl=en_US

Google Scholar

[8]

Adriano Galati and Chris Greenhalgh. 2013. CRAWDAD dataset nottingham/mall (v. 2013-02-05). Downloaded from https://crawdad.org/nottingham/mall/20130205. https://doi.org/10.15783/C7D30D

Crossref

Google Scholar

[9]

Taher Issoufaly and Pierre Ugo Tournoux. 2017. BLEB: Bluetooth Low Energy Botnet for large scale individual tracking. In 2017 1st International Conference on Next Generation Computing Applications (NextComp). IEEE, 115--120.

Crossref

Google Scholar

[10]

Aleksandra Korolova and Vinod Sharma. 2018. Cross-App Tracking via Nearby Bluetooth Low Energy Devices. In Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy. ACM, 43--52.

Digital Library

Google Scholar

[11]

Joshua S Richman, Douglas E Lake, and J Randall Moorman. 2004. Sample entropy. In Methods in enzymology. Vol. 384. Elsevier, 172--184.

Google Scholar

[12]

Pallavi Sivakumaran and Jorge Blasco. 2019. A Study of the Feasibility of Co-located App Attacks against {BLE} and a Large-Scale Analysis of the Current Application-Layer Security Landscape. In 28th {USENIX} Security Symposium ({USENIX} Security 19). 1--18.

Google Scholar

[13]

Fenghao Xu, Wenrui Diao, Zhou Li, Jiongyi Chen, and Kehuan Zhang. 2019. BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals. In NDSS.

Google Scholar

Cited By

View all

Wu JWu RXu DTian DBianchi A(2024)SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00023(2847-228066)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00023
Levine AFeizi SLarochelle HRanzato MHadsell RBalcan MLin H(2020)(De)randomized smoothing for certifiable defense against patch attacksProceedings of the 34th International Conference on Neural Information Processing Systems10.5555/3495724.3496266(6465-6475)Online publication date: 6-Dec-2020
https://dl.acm.org/doi/10.5555/3495724.3496266

Index Terms

Privacy in the Mobile World: An Analysis of Bluetooth Scan Traces

Recommendations

Location Privacy Vulnerable from Bluetooth Devices
NBIS '13: Proceedings of the 2013 16th International Conference on Network-Based Information Systems

Bluetooth is a wireless network protocol widely used for many mobile devices. With carrying some Bluetooth devices, individuals are in the risk to be identified without noticing. Many devices are shipped as Bluetooth activated as default. This paper ...
Management of security policies for mobile devices
InfoSecCD '07: Proceedings of the 4th annual conference on Information security curriculum development

This paper discusses management of security policies for mobile devices. The increasing use of mobile devices in the workplace is covered, as well as new software applications that allow employees to use their mobile devices to increase their ...
Cross-App Tracking via Nearby Bluetooth Low Energy Devices
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy

Today an increasing number of consumer devices such as head phones, wearables, light bulbs and even baseball bats, are Bluetooth-enabled thanks to the widespread support of the technology by phone manufacturers and mobile operating system vendors. The ...

Comments

Information & Contributors

Information

Published In

CPSIOTSEC'20: Proceedings of the 2020 Joint Workshop on CPS&IoT Security and Privacy

November 2020

99 pages

ISBN:9781450380874

DOI:10.1145/3411498

General Chairs:
Michail Maniatakos
New York University Abu Dhabi, UAE
,
Yuqing Zhang
University of Chinese Academy of Sciences, China

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 November 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

CCS '20

Sponsor:

SIGSAC

CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security

November 9, 2020

Virtual Event, USA

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
150
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Wu JWu RXu DTian DBianchi A(2024)SoK: The Long Journey of Exploiting and Defending the Legacy of King Harald Bluetooth2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00023(2847-228066)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00023
Levine AFeizi SLarochelle HRanzato MHadsell RBalcan MLin H(2020)(De)randomized smoothing for certifiable defense against patch attacksProceedings of the 34th International Conference on Neural Information Processing Systems10.5555/3495724.3496266(6465-6475)Online publication date: 6-Dec-2020
https://dl.acm.org/doi/10.5555/3495724.3496266

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Location Privacy Vulnerable from Bluetooth Devices

Management of security policies for mobile devices

Cross-App Tracking via Nearby Bluetooth Low Energy Devices

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations