Understanding Bluetooth Security: Bluetooth Address & Privacy

Bluetooth Smart is also referred to as BLE or Bluetooth Low Energy. Both Bluetooth low energy android and iOS devices are intended for the intermittent advertisement of the position or its presence. The advertisement packet holds the broadcaster’s MAC address and unique service formation. It also has proximity information of the device mentioned in signal strength. So, by using the advertisement data and characteristics information that is publicly available, any attacker can excerpt a massive volume of information with which devices can be tracked based on the unique information.

Similar to MAC address for LAN connected devices, Bluetooth devices have an identity address for each device. Knowing the working of Bluetooth addresses is essential for every BLE technology developer, especially to meet the device’s privacy concerns. Let’s, see about Bluetooth address and privacy in this write-up.

About Bluetooth Address

A Bluetooth address is a 48-bit value that uniquely identifies a Bluetooth device. It is also referred to as a Bluetooth MAC address, and in Bluetooth specification, it is known as BD_ADDR.

Bluetooth addresses are classified into two main types: 

Public address
Random address
 ->> Random Static
Random Static Resolvable Static Address
Random Static Non-Resolvable Static Address
 ->> Random Private
Resolvable Random Private
Non-resolvable Random Private

A Bluetooth device utilizes at least one of these address types, and sometimes both public and random address types.

Public Address

Bluetooth’s public address is a constant worldwide address, i.e., it never changes and is registered with IEEE. It abides by the same guidelines as MAC Addresses and is an extended unique identifier EUI-48.

For creating a valid EUI-48, it needs at least one of the below MAC Address Block types from the IEEE Registration Authority:

  • MAC Address Block Large (MA-L)
  • MAC Address Block Medium (MA-M)
  • MAC Address Block Small (MA-S)

Random Address

Random addresses do not need any registration with the IEEE. It is an identifier that is either programmed within the device or created during runtime based on the subtype.

There are two subtypes in Random addresses, namely:

Random Static address – this particular type of Bluetooth addresses serves as a common alternative to Public addresses as no fees are involved when using it.

Uses of Random Static Addresses

  • It can be allocated and fixed throughout the device’s lifespan
  • It can be altered at bootup but not during runtime

Random Private Address

Random Private addresses are of two types: resolvable and non-resolvable. Random Private addresses are specially used for privacy protection of a Bluetooth device, hiding the identity and avert the device tracking.

  1. Resolvable Random Private Address – The primary purpose of a Resolvable Random Private Address is to safeguard from malicious third-parties from tracking a Bluetooth device. Simultaneously, it allows one or more trusted third parties to identify the Bluetooth device of interest. This Random Private address is “resolvable” by using a key shared with a particular trusted device, which is known as the Identity Resolving Key (IRK). The IRK generates the address initially and a random number.
  2. Non-Resolvable Random Private Address – This type of address changes from time to time. The main difference from resolvable addresses is that any other device cannot resolve it. The primary purpose of the address type is to avoid tracking by other BLE devices. This type is uncommon; however, it is sometimes made use of in ibeacon apps.

Privacy in BLE

Privacy is a significant concern for several Bluetooth device users. It is a serious issue to be concerned as ensuring that the access for untrusted parties is blocked and rendered unable to track a device using its Bluetooth address.

If security measures are not carefully put in place, then using this address, users can be tracked. Fortunately, BLE offers Privacy features to protect against attacks by using a resolvable private address. This address type needs a connection between the two Bluetooth devices to resolve the other’s address.

Steps involved in privacy implementation for BLE devices:

  • Identity Resolving Key is utilized for creating and resolving the resolvable random private address.
  • Each Bluetooth device generates IRK in the vicinity, either randomly or allocated during manufacturing.
  • Each device stores down its peer’s IRK in a revolving list during bonding or establishing a connection. It is then used to identify and resolve the peer device’s private address at a later stage.
  • The hash included in the private address is verified by checking its match with the output of the local hash computation equation: hash = ah(IRK, prand)
  • Subsequently, the device has locally stored IRK. It has access to the prand included as a portion of the private address contained within the BLE packets; it can execute this computation.

It’s essential to note that the IRK does not reveal the peer’s Identity Address and is used for verification purposes only.

If you are looking for top-notch custom development of BLE Android and iOS app development reach us for a discussion at +1-408-400-3737