The team discovered a flaw in the system, and identified tokens that exist alongside MAC addresses. The researchers created what they’re calling an address-carryover algorithm that is able to “exploit the asynchronous nature of payload and address changes to achieve tracking beyond the address randomization of a device. The algorithm does not require message decryption or breaking Bluetooth security in any way, as it is based entirely on public, unencrypted advertising traffic.”
At the center of this flaw is Bluetooth BLE, which stands for Low Energy Specification). Introduced in 2010, it really came to the fore with the release of Bluetooth 5. The research team discovered it when they began investigating BLE advertising channels and “advertising events” within standard Bluetooth proximities.
“Most computer and smartphone operating systems do implement address randomizations by default as a means to prevent long-term passive tracking, as permanent identifiers are not broadcasted. However, we identified that devices running Windows 10, iOS or mac OS regularly transmit advertising events containing custom data structures which are used to enable certain platform-specific interaction with other devices within BLE range.”
Although this technique works on any Windows, iOS, and macOS system, Android devices are completely immune. That is because the Android OS doesn’t continually send out advertising messages, and instead takes the approach of scanning for advertising messages being transmitted nearby.
If all of that makes your head spin, consider this: The number of Bluetooth devices is projected to grow from 4.2 to 5.2 billion between 2019 and 2022. So this is a significant issue, deserving of attention.