Dead on Arrival: An Empirical Study of The Bluetooth 5.1 Positioning System
This addresses the reliability and security of Bluetooth-based positioning for IoT applications, highlighting incremental improvements and vulnerabilities in the standard.
The paper empirically evaluates the Bluetooth 5.1 positioning system's accuracy using Angle of Arrival (AoA), finding it achieves sub-meter accuracy but struggles with centimeter-level precision, and identifies a security vulnerability where AoA measurements can be tampered with, proposing simple fixes.
The recently released Bluetooth 5.1 specification introduces fine-grained positioning capabilities in this wireless technology, which is deemed essential to context-/location-based Internet of Things (IoT) applications. In this paper, we evaluate experimentally, for the first time, the accuracy of a positioning system based on the Angle of Arrival (AoA) mechanism adopted by the Bluetooth standard. We first scrutinize the fidelity of angular detection and then assess the feasibility of using angle information from multiple fixed receivers to determine the position of a device. Our results reveal that angular detection is limited to a restricted range. On the other hand, even in a simple deployment with only two antennas per receiver, the AoA-based positioning technique can achieve sub-meter accuracy; yet attaining localization within a few centimeters remains a difficult endeavor. We then demonstrate that a malicious device may be able to easily alter the truthfulness of the measured AoA, by tampering with the packet structure. To counter this protocol weakness, we propose simple remedies that are missing in the standard, but which can be adopted with little effort by manufacturers, to secure the Bluetooth 5.1 positioning system.