Lost and Found: Stopping Bluetooth Finders from Leaking Private Information

05/17/2020
by   Mira Weller, et al.
0

A Bluetooth finder is a small battery-powered device that can be attached to important items such as bags, keychains, or bikes. The finder maintains a Bluetooth connection with the user's phone, and the user is notified immediately on connection loss. We provide the first comprehensive security and privacy analysis of current commercial Bluetooth finders. Our analysis reveals several significant security vulnerabilities in those products concerning mobile applications and the corresponding backend services in the cloud. We also show that all analyzed cloud-based products leak more private data than required for their respective cloud services. Overall, there is a big market for Bluetooth finders, but none of the existing products is privacy-friendly. We close this gap by designing and implementing PrivateFind, which ensures locations of the user are never leaked to third parties. It is designed to run on similar hardware as existing finders, allowing vendors to update their systems using PrivateFind.

READ FULL TEXT
research
08/31/2020

CenterYou: A cloud-based Approach to Simplify Android Privacy Management

With mobile applications and associated services becoming increasingly p...
research
12/10/2019

Client-side Vulnerabilities in Commercial VPNs

Internet users increasingly rely on commercial virtual private network (...
research
08/04/2017

On Evaluating Commercial Cloud Services: A Systematic Review

Background: Cloud Computing is increasingly booming in industry with man...
research
06/02/2020

Securing Your Collaborative Jupyter Notebooks in the Cloud using Container and Load Balancing Services

Jupyter has become the go-to platform for developing data applications b...
research
01/16/2022

Toward Among-Device AI from On-Device AI with Stream Pipelines

Modern consumer electronic devices often provide intelligence services w...
research
11/25/2014

Detecting fraudulent activity in a cloud using privacy-friendly data aggregates

More users and companies make use of cloud services every day. They all ...
research
05/27/2020

Security Improvements of Several Basic Quantum Private Query Protocols with O(log N) Communication Complexity

New quantum private database (with N elements) query protocols are prese...

Please sign up or login with your details

Forgot password? Click here to reset