An experimental study: RF Fingerprinting of Bluetooth devices

Artis Rušiņš, Krišjānis Nesenbergs, Deniss Tiščenko, Pēteris Paikens

TL;DR

Bluetooth RF fingerprinting identifies devices from physical-layer signals despite higher-layer privacy. The authors build an RF-isolated measurement setup using SDRs, extract per-packet CFO and a signal-amplitude scaling factor, and classify fingerprints with a kNN approach to achieve 84 percent accuracy on six devices. The results demonstrate that hardware-induced waveform imperfections leak device-identifying information even when protocol obfuscation is used. This work highlights privacy risks, informs manufacturers and regulators, and lays a foundation for larger-scale Bluetooth fingerprinting research and potential countermeasures.

Abstract

This paper presents an experimental study on radio frequency (RF) fingerprinting of Bluetooth Classic devices. Our research aims to provide a practical evaluation of the possibilities for RF fingerprinting of everyday Bluetooth connected devices that may cause privacy risks. We have built an experimental setup for recording Bluetooth connections in a radio frequency isolated environment using commercially available SDR (software defined radio) systems, extracted fingerprints of the Bluetooth radio data in the form of carrier frequency offset and scaling factor from 6 different devices, and performed k-nearest neighbors (kNN) classification achieving 84% accuracy. The experiment demonstrates that no matter what privacy measures are being taken in the protocol layer, the physical layer leaks significant information about the device to unauthorized listeners. In the context of the ever-growing Bluetooth device market, this research serves as a clarion call for device manufacturers, regulators, and end-users to acknowledge the privacy risks posed by RF fingerprinting and lays a foundation for more sizeable Bluetooth fingerprinting analysis research.
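To make the two-feature pipeline in the abstract concrete (per-packet carrier frequency offset and an amplitude scaling factor, then kNN), here is an added, self-contained toy model written for this summary; it is not the authors' code and does not reproduce their measurements. It assumes a binary-FSK baseband at 8 samples per 1 Mbaud symbol with a 160 kHz deviation and no Gaussian pulse shaping, invents four device profiles (CFO, amplitude scale), models the scaling factor as the packet's RMS amplitude, and estimates CFO by averaging the instantaneous frequency over two alternating preamble symbols so the frequency deviation cancels. All packets are synthesised with seeded noise, so it runs offline.

```python
"""Toy Bluetooth-style RF fingerprinting: per-packet CFO and amplitude
scaling factor as features, kNN as the classifier.  Every signal here is
constructed synthetically and the device profiles are invented."""
import cmath
import math
import random

FS = 8_000_000          # sample rate in Hz (assumption: 8 samples per 1 Mbaud symbol)
SPS = 8                 # samples per symbol
DEVIATION = 160_000.0   # FSK deviation in Hz (assumption; BR GFSK uses >= 115 kHz)
PREAMBLE = [1, 0, 1, 0] # alternating preamble bits, as at the start of an access code

# Constructed device profiles: (carrier frequency offset in Hz, amplitude scale).
# In the paper these come from real hardware; here they are invented values.
DEVICES = {
    "dev_A": (12_500.0, 0.70),
    "dev_B": (-8_000.0, 1.00),
    "dev_C": (31_000.0, 0.85),
    "dev_D": (3_000.0, 1.25),
}


def synth_packet(cfo_hz, scale, payload_bits, rng=None, noise_std=0.01):
    """Complex baseband samples of a binary-FSK packet sent with a given CFO
    and amplitude scale, plus complex Gaussian noise (no pulse shaping)."""
    rng = rng or random.Random(0)
    phase = 0.0
    samples = []
    for b in PREAMBLE + payload_bits:
        f_inst = cfo_hz + (DEVIATION if b else -DEVIATION)
        step = 2 * math.pi * f_inst / FS      # phase advance per sample
        for _ in range(SPS):
            phase += step
            s = scale * cmath.exp(1j * phase)
            samples.append(s + complex(rng.gauss(0, noise_std), rng.gauss(0, noise_std)))
    return samples


def estimate_cfo(samples):
    """CFO from the preamble: average the instantaneous frequency over exactly
    one '0' symbol and one '1' symbol (preamble bits 2 and 3), so the
    +/-DEVIATION terms cancel and only the carrier offset remains."""
    start, stop = SPS, 3 * SPS
    total = 0.0
    for n in range(start, stop):
        # phase advance between consecutive samples -> instantaneous frequency
        total += cmath.phase(samples[n] * samples[n - 1].conjugate())
    return total / (stop - start) * FS / (2 * math.pi)


def estimate_scale(samples):
    """Amplitude scaling factor modelled as the packet RMS amplitude (assumption)."""
    return math.sqrt(sum(abs(s) ** 2 for s in samples) / len(samples))


def fingerprint(samples):
    return (estimate_cfo(samples), estimate_scale(samples))


def build_dataset(packets_per_device, rng, payload_len=120):
    """(fingerprint, device) pairs with random payload bits per packet."""
    data = []
    for name, (cfo, scale) in DEVICES.items():
        for _ in range(packets_per_device):
            payload = [rng.getrandbits(1) for _ in range(payload_len)]
            data.append((fingerprint(synth_packet(cfo, scale, payload, rng)), name))
    return data


def knn_classify(train, query, k=3):
    """Majority vote among the k nearest training fingerprints.  Features are
    z-scored with training statistics so CFO (Hz) and scale (unitless)
    contribute comparably to the Euclidean distance."""
    dims = len(query)
    means = [sum(f[d] for f, _ in train) / len(train) for d in range(dims)]
    stds = [math.sqrt(sum((f[d] - means[d]) ** 2 for f, _ in train) / len(train)) or 1.0
            for d in range(dims)]

    def norm(f):
        return [(f[d] - means[d]) / stds[d] for d in range(dims)]

    q = norm(query)
    nearest = sorted((math.dist(norm(f), q), label) for f, label in train)[:k]
    votes = {}
    for _, label in nearest:
        votes[label] = votes.get(label, 0) + 1
    return max(votes, key=votes.get)


def run_experiment(seed=1, train_per_device=5, test_per_device=3):
    """Train on some constructed packets per device, test on fresh ones; returns accuracy."""
    rng = random.Random(seed)
    train = build_dataset(train_per_device, rng)
    test = build_dataset(test_per_device, rng)
    correct = sum(knn_classify(train, f) == label for f, label in test)
    return correct / len(test)


if __name__ == "__main__":
    rng = random.Random(0)
    for name, (cfo, scale) in DEVICES.items():
        est = fingerprint(synth_packet(cfo, scale, [1, 0] * 60, rng))
        print(f"{name}: CFO true {cfo:+.0f} Hz est {est[0]:+.0f} Hz; scale true {scale} est {est[1]:.3f}")
    print("kNN accuracy on constructed packets:", run_experiment())
```

The averaging window in `estimate_cfo` telescopes to the phase difference between its two endpoints, so its noise shrinks with window length and grows with lower signal amplitude, which is why a weak device (small scale) yields a noisier CFO feature than a strong one. With only two features and well-separated invented profiles the toy reaches near-perfect accuracy; the paper's 84% on six real devices reflects how much hardware variation actually overlaps once real GFSK, channel hopping and receiver noise are involved.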

Paper Structure (11 sections, 7 figures, 3 tables)

Figures (7)

  • Figure 1: Advertising data packets for 3 Bluetooth devices in radio-isolated environment
  • Figure 2: Data capture setup with 3 steps of the experiment. During (1), (2), and (3) everything is recorded by SDRs
  • Figure 3: Data capture setup
  • Figure 4: Merging of both data streams
  • Figure 5: Frequency spectrum of radio_merged.data
  • ...and 2 more figures