Bluetooth has long been an everyday facet of our lives. It permeates all our devices from wireless mice and keyboards to our smart watches and speakers. Most of us don't worry about the security of Bluetooth, trusting its encryption to thwart potential attacks. But now researchers at the University of California San Diego have found a way to track a phone based on its Bluetooth signal.

The UCSD researchers focused on fingerprinting devices communicating with Bluetooth Low Energy. BLE was designed to reduce the power consumption of traditional Bluetooth at the cost of a bit of bandwidth and range. Those lowe power demands (sometimes 1% of traditional Bluetooth) mean that BLE-equipped devices can and do broadcast constantly.

Rather than trying to break the encryption of the data within the signal, the researchers instead focused on identifying unique features of the radio signal being broadcast. All wireless transmitters have signal variance which can be unique to each phone. These imperfections manifest themselves in the signal and can be isolated from the underlying data, creating a unique marker (or fingerprint) for the broadcasting device.

But just how unique are those fingerprints? Could an attacker distinguish between you and a friend with the same phone? When the researchers field tested their technique both the false positive rate and the false negative rate were below 5%. The Pixel 5 they examined had a false negative rate of 0%, meaning there was never a case when it wasn’t correctly identified.

Before you go thinking that this the end of privacy as we know it, there are some significant limits on the feasibility of this sort of tracking. To begin with, not all imperfections are unique. Some BLE chipsets produce similar imperfections making them harder to uniquely identify. Fingerprints can also change based on temperature, limiting the technique to stable environments.

Thankfully, if you’re really concerned about being tracked your defense is simple: Turn off your Bluetooth.