A Bluetooth vulnerability would allow cyber criminals to track the activity of those wearing fitness trackers or using Apple devices
Along with Wi-Fi, Bluetooth is undoubtedly the most well-known and widely used wireless connection. Present now on any kind of device (from smartphones to smart bulbs, through wireless speakers, smartwatches and fitness trackers) it is extremely versatile and allows you to connect two devices without consuming too much energy.
In spite of its wide use (or maybe just because of it), it sometimes happens that hackers manage to discover, and exploit for their shady purposes, software flaws in the Bluetooth firmware. The last one, for example, has been made known just a few hours ago by a group of researchers from Boston University. In particular, it is a vulnerability that affects some of the most popular fitness trackers on the market, giving the possibility to some hacker to identify with great precision the position of the wearer or user of the device.
The flaw in the Bluetooth connection
As mentioned, the Bluetooth vulnerability identified by Boston University would allow third parties to determine the position of the user, a sensitive information, especially in the hands of a possible stalker. The flaw in the Bluetooth connection is related to the way the connection between two devices is established and managed.
When this happens, one of the two devices takes a "central" role, managing the technical aspects of the communication. In particular, what is called the "master" assigns to the other device (called the "slave") a sort of address to which data packets are sent. To protect users, this address is changed at regular intervals, so that communication is anonymous. Or, at least, try to. Thanks to a complex algorithm, in fact, it is possible to go back to the original address and trace, in this way, all the activities and data sent.
Bluetooth risk: the devices affected
According to what analysts and researchers have stated, Android devices would not be affected by the vulnerability, while Appleand Windows 10 devices run a real risk. But FitBit users are the ones who should be particularly careful, because the San Francisco-based fitness devices are not able to update their unique addresses, making them easy prey for attackers.