Skip to Main content Skip to Navigation
New interface
Conference papers

Fingerprinting Bluetooth-Low-Energy Devices Based on the Generic Attribute Profile

Guillaume Celosia 1, 2 Mathieu Cunche 2, 1 
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services, Inria Lyon
Abstract : Bluetooth Low Energy (BLE) is a short range wireless technology included in many consumer devices such as smartphones, earphones and wristbands. As part of the Attribute (ATT) protocol, discover-able BLE devices expose a data structure called Generic Attribute (GATT) profile that describes supported features using concepts of services and characteristics. This profile can be accessed by any device in range and can expose users to privacy issues. In this paper, we discuss how the GATT profile can be used to create a fingerprint that can be exploited to circumvent anti-tracking features of the BLE standard (i.e. MAC address randomization). Leveraging a dataset of more than 13000 profiles, we analyze the potential of this fingerprint and show that it can be used to uniquely identify a number of devices. We also shed light on several issues where GATT profiles can be mined to infer sensitive information that can impact privacy of users. Finally, we suggest solutions to mitigate those issues.
Document type :
Conference papers
Complete list of metadata

Cited literature [28 references]  Display  Hide  Download
Contributor : Mathieu Cunche Connect in order to contact the contributor
Submitted on : Monday, December 16, 2019 - 9:09:39 AM
Last modification on : Thursday, August 4, 2022 - 5:18:37 PM
Long-term archiving on: : Tuesday, March 17, 2020 - 3:36:52 PM


Files produced by the author(s)



Guillaume Celosia, Mathieu Cunche. Fingerprinting Bluetooth-Low-Energy Devices Based on the Generic Attribute Profile. IoT S&P 2019 - 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things, Nov 2019, London, United Kingdom. pp.24-31, ⟨10.1145/3338507.3358617⟩. ⟨hal-02359914⟩



Record views


Files downloads