
Identified a vulnerability in the Bluetooth presentation engine on Apple and Microsoft devices.


18-07-2019, 14:36. Posted: redaktor

Despite the continuous improvement of Bluetooth technology, devices and protocols based on it remain vulnerable. The recent nineteenth Privacy Enhancing Technologies Symposium again highlighted the relevance of this problem. The presentation was given by staff of Boston University, who conducted new research on Bluetooth vulnerabilities. They published data on a flaw in the Bluetooth presentation engine that makes it possible to obtain the identifier of a device of interest and then track its movement continuously and unimpeded.


It is worth noting that the method for determining a device's unique identifier, developed by the university staff for the research, could not affect the Bluetooth presentation mechanism in Android. In contrast, tablets, laptops, smartphones and smart watches running software from Microsoft and Apple were vulnerable to the flaw. More specifically, the problem was found on devices running macOS, iOS and Windows 10. The key difference between Apple and Microsoft systems on the one hand and Android on the other is as follows. Devices running Apple and Microsoft systems constantly broadcast Bluetooth views, even when no other Bluetooth device has yet been detected nearby. Android, in contrast, does not broadcast such views constantly; in its basic state the Bluetooth device is receiving. As a result, Microsoft and Apple devices could give a potential scammer enough open data to analyze patterns and identify true unique device identifiers using a special algorithm.


Bluetooth 5 was chosen for the study. The BTLE package by a well-known Chinese cybersecurity expert was used to intercept the necessary data in the text-breaking mode. The task of sifting MAC addresses out of the presentation data was solved by an algorithm created specially for this purpose. Normally, the Bluetooth protocol protects against tracking by assigning a random MAC address. The researchers developed an algorithm that can identify patterns once the minimum required amount of data has accumulated, which makes it possible to establish the genuine device ID. Microsoft and Apple can correct the flaw by adjusting the Bluetooth view.
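
Random MAC assignment only protects against tracking if nothing else in the broadcast keeps its value when the address changes. The Python check below is an added example, not code from the article or the researchers: it parses a constructed capture of one test device's BLE advertising data (assumed here to be what the article calls "views") and reports fields that survive an address change. The record layout, the `MIN_LEN` threshold, the addresses, the payload bytes and the idea that the fix is to rotate payload and address together are assumptions made for illustration.

```python
# Added example: audit a capture of ONE test device's BLE advertisements.
# Records are (seconds, advertiser address, raw advertising data); all constructed.
MIN_LEN = 4  # assumption: shorter fields (e.g. Flags) are too common to identify a device

def parse_ad(data: bytes) -> dict:
    """Split advertising data into {AD type: value} using [len][type][value] framing."""
    out, i = {}, 0
    while i < len(data):
        length = data[i]
        if length == 0 or i + 1 + length > len(data):
            break  # padding or truncated structure: stop parsing
        out[data[i + 1]] = data[i + 2 : i + 1 + length]
        i += 1 + length
    return out

def carried_over(records):
    """For each address change, list AD types whose value survived the change."""
    findings = []
    for (t0, a0, d0), (t1, a1, d1) in zip(records, records[1:]):
        if a0 == a1:
            continue  # no rotation between these two records
        before, after = parse_ad(d0), parse_ad(d1)
        same = sorted(t for t, v in before.items()
                      if len(v) >= MIN_LEN and after.get(t) == v)
        if same:
            findings.append((t1, a0, a1, same))
    return findings

def mfg(token: bytes) -> bytes:
    """Manufacturer Specific Data (AD type 0xFF) with test company ID 0xFFFF."""
    value = b"\xff\xff" + token
    return bytes([len(value) + 1, 0xFF]) + value

FLAGS = bytes([0x02, 0x01, 0x1A])          # Flags AD structure
A1, A2 = "5a:11:22:33:44:55", "6b:66:77:88:99:aa"   # constructed random addresses
P1, P2 = FLAGS + mfg(b"\xaa\xbb\xcc\xdd"), FLAGS + mfg(b"\x10\x20\x30\x40")

# Weak: the address rotates at t=900, the payload only at t=960.
WEAK = [(0, A1, P1), (900, A2, P1), (960, A2, P2)]
# Corrected (assumed fix): address and payload rotate in the same advertisement.
FIXED = [(0, A1, P1), (900, A2, P2)]

if __name__ == "__main__":
    print("weak :", carried_over(WEAK))
    print("fixed:", carried_over(FIXED))
```

A non-empty result means the old and new addresses can be tied together by the listed AD types, so the rotation did not achieve its purpose for that capture.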

