Abstract
A Bluetooth finder is a small battery-powered device that can be attached to important items such as bags, keychains, or bikes. The finder maintains a Bluetooth connection with the user's phone, and the user is notified immediately on connection loss. We provide the first comprehensive security and privacy analysis of current commercial Bluetooth finders. Our analysis reveals several significant security vulnerabilities in those products concerning mobile applications and the corresponding backend services in the cloud. We also show that all analyzed cloud-based products leak more private data than required for their respective cloud services. Overall, there is a big market for Bluetooth finders, but none of the existing products is privacy-friendly. We close this gap by designing and implementing PrivateFind, which ensures locations of the user are never leaked to third parties. It is designed to run on similar hardware as existing finders, allowing vendors to update their systems using PrivateFind.
| Original language | English |
|---|---|
| Title of host publication | WiSec 2020 - Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks |
| Publisher | Association for Computing Machinery |
| Pages | 184-194 |
| Number of pages | 11 |
| ISBN (Electronic) | 9781450380065 |
| DOIs | |
| Publication status | Published - 8 Jul 2020 |
| Event | 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2020 - Linz, Virtual, Austria Duration: 8 Jul 2020 → 10 Jul 2020 Conference number: 13 |
Conference
| Conference | 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2020 |
|---|---|
| Abbreviated title | WiSec 2020 |
| Country/Territory | Austria |
| City | Linz, Virtual |
| Period | 8/07/20 → 10/07/20 |
Keywords
- bluetooth
- internet of things
- localization
- privacy
- 22/2 OA procedure