What is it about?
Many devices rely on radio-based distance measurements for proximity-based access control; for example, a door that should only unlock when the wireless key is at close range. We show how a hacker could manipulate these measurements by reshaping radio signals on the fly, and simulate the attack against the new Bluetooth Channel Sounding standard. Ultimately, we find that existing defenses are ineffective against this threat.
Featured Image
Photo by Matthias Münning on Unsplash
Why is it important?
This research is timely because it targets "Bluetooth Channel Sounding," a next-generation standard that was recently introduced specifically to make distance tracking more secure. The impact of this work lies in the attack's simplicity: because hackers do not need to instantly read and decode the wireless signal, they do not require complex hardware. We demonstrate the feasibility of this idea by building a prototype using commercial off-the-shelf electronic components. Ultimately, this work gives hardware manufacturers and security engineers a head start to design stronger protections before this technology is widely deployed.
Perspectives
Writing this paper was a great pleasure. Beyond combining theoretical work with simulations and lab experiments, this work directly addresses new technologies about to enter the consumer electronics market. I hope these insights help improve the security of future applications that rely on secure distance measurements.
Claudio Anliker
ETH Zurich
Read the Original
This page is a summary of: Security Analysis of Time-of-Arrival Estimation via Cross-Correlation under Narrow-Band Conditions, June 2026, ACM (Association for Computing Machinery),
DOI: 10.1145/3765613.3811683.
You can read the full text:
Contributors
The following have contributed to this page
