Your smartband could be giving away your location

Science

18 Jul 2019

Hackers can track you via Fitbit, other smartbands: Here's how

If you own a Fitbit, chances are your device has a critical Bluetooth vulnerability, one that could allow hackers to track you.

A group of Boston University researchers recently revealed the issue, noting that hackers can actually pinpoint your location using high-profile Bluetooth gadgets.

This could proliferate cases of stalking and abuse, posing a major threat to your security.

Here's more.

Issue

How Bluetooth devices can give away your location

How Bluetooth devices can give away your location

When two Bluetooth devices connect, one serves as the central part of the connection while other takes the peripheral role.

The peripheral device sends out all the data associated with the connection, including a randomized address (similar to IP address), to the central device.

However, as it turns out, this information can be decoded with what the researchers call a 'sniffer' algorithm.

Tracking

Bluetooth connection data enables tracking

Though the randomized address generated by the peripheral device is reconfigured regularly, the sniffer algorithm can detect it to identify Bluetooth connections, the researchers said.

This doesn't divulge personal information but can allow third-parties to locate active Bluetooth devices and the people using those devices.

Now, that's a major concern because a majority of people pair smartbands, headphones with their phones via Bluetooth.

Love Tech news?

Stay updated with the latest happenings.

Yes, notify me

Impact

iOS, Windows devices vulnerable, Android not

Theoretically, the issue can be leveraged to track the location of any Bluetooth-enabled device, be it a phone, smartband or headphone.

The researchers involved in the work say iOS and Windows 10 devices can be tracked but Android remains shielded from the glitch.

Also, Fitbit devices don't update their unique address from to time, which makes it even easier to track them.

Solution

Don't throw your smartband just yet

Don't throw your smartband just yet

While the issue can have major privacy implications, don't throw away your Bluetooth-enabled gadgets just yet.

The researchers say the bug can be avoided by simply turning off and turning on Bluetooth again.

This will reconfigure the information, thereby protecting your iOS and Windows 10 devices from being tracked by third-party attackers trying to exploit this vulnerability.

Share this timeline

Bluetooth

Location History

Security

Android

Boston University

Fitbit

IP

Windows 10

Share this timeline

Ask NewsBytes
User Image

Next Timeline