| Popis: |
Bluetooth-enabled smartphones, wearable devices, as well as consumer electronics devices, are pervasive nowadays. Due to the low power consumption of Bluetooth hardware, users often leave Bluetooth enabled on their personal devices all the time. We find that even though the devices themselves may be protected against unauthorized connections, neighboring Bluetooth signals may still leak personal information. More specifically, a malicious smartphone application can easily obtain permission to perform Bluetooth scanning and then build a temporal trace of the number of active Bluetooth devices in the vicinity of a user. By collecting and analyzing data from 49 smartphone users over two weeks, we found that traces from different devices have little overlap and can, therefore, be used to identify a device with high likelihood. Moreover, Bluetooth advertisements from nearby devices can reveal what products the user may own making her susceptible to targeted advertisements. By comparing Bluetooth traces from multiple devices, the adversary can learn a user's location even if she does not give explicit permission to share her location. We also analyzed a public Bluetooth dataset to find similarities and differences with the conclusions drawn from our dataset. Our dataset has been publicly released for the scientific community. |
