The popular Bluetooth Low Energy (BLE) beacon protocol isn't just a privacy risk up close it, pointing to the potential for fitness trackers to be hacked.Scott Lester, a researcher at Context, has uncovered a concept known as Bluesniping, which can be used to intercept devices if the hacker has the means to do so, allowing them to find out who a device belongs to.
As people rarely take off fitness tracking devices, some authorities have become concerned about the privacy of such devices, including the Chinese government.
While BLE technology has been very successful in reducing the power consumption of such peripherals, because they are constantly broadcasting information.
BLE is not a new technology, but it's adoption for certain applications is novel. Compared to traditional Bluetooth, it enables a new means for electronic devices to constantly communicate with each other. Whilst wearable technology and other applications are becoming increasingly popular.
These broadcasts can almost always be attributed to a unique device, contrary to measures taken in the protocol to anonymise devices by randomising the MAC addresses. Depending on the product, some of these broadcasts can also be identified to a particular manufacturer, or the product model, or an individual product.
Scanning for these broadcasts is easy either with cheap hardware or with a smartphone. This allows us to identify and locate particular devices, which for devices such as fitness trackers that are designed to be worn all the time, means that we can identify and locate a person, to within a limited range.
Lester said: "Scanning for these broadcasts is easy either with cheap hardware or with a smartphone. This allows us to identify and locate particular devices, which for devices such as fitness trackers that are designed to be worn all the time, means that we can identify and locate a person, to within a limited range.
"There are clear implications to privacy, just as there are ways that this technology could be exploited for social engineering and crime."
