Скачать или смотреть [Teaser] No need to ask the Android: Bluetooth-Low-Energy scanning without the location permission

No need to ask the Android: Bluetooth-Low-Energy scanning without the location permission by Vincent Toubiana and Mathieu Cunche. https://sites.nyuad.nyu.edu/wisec21/a...

The full paper will be presented at ACM WiSec 2021, the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, from June 28 to July 2, 2021.

** Abstract **
Bluetooth-Low-Energy (BLE) scanning can be misused by applications to determine a device location. In order to prevent unconsented location tracking by applications, Android conditions the use of some BLE functions to the prior obtention of the location permission and the activation of the location setting. In this paper, we detail a vulnerability that allows applications to perform BLE scans without the location permission. We present another flaw allowing to bypass the active location requirement. Together those flaws allow an app to fully circumvent the location restrictions applying to BLE scanning. The presented vulnerability affects devices running Android 6 up to 11 and could be misused by application developers to track the location of users. This vulnerability has been disclosed to Google and assigned the CVE-2021-0328.

** ACM WiSec 2021 **
The 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec 2021) will take place as an online/virtual conference from June 28 to July 2, 2021. The event will be hosted by the Center for Cyber Security at New York University Abu Dhabi (NYUAD).

ACM WiSec is the leading ACM and SIGSAC conference dedicated to all aspects of security and privacy in wireless and mobile networks and their applications, mobile software platforms, Internet of Things, cyber-physical systems, usable security and privacy, biometrics, and cryptography.

Copyright (c) 2021 Association for Computing Machinery