Short range wireless communication protocols, such as Bluetooth®, allow mobile computing devices to communicate wirelessly with other nearby devices over relatively short distances, without having to route the communication through a network of remote devices, such as satellites and cell towers. Such wireless communication protocols have advanced in recent years through the development of various technologies, such as low energy technology. Low energy wireless communication protocols reduce the operating power requirements for wireless devices that implement the protocols. Bluetooth® Low Energy (BLE, or Bluetooth® Smart) is one example of such a low energy wireless communication protocol.
Beacons that are powered by a low energy wireless communication protocol, such as BLE, have been implemented in various scenarios to enable a diverse range of functionality, such as location-based services, mobile couponing, mobile payments, and so on. Beacons can be used to broadcast data to mobile devices (e.g., smart phones) that are within a transmission range of the beacon so that the mobile devices can provide contextual information to associated users. For example, when a mobile device is near a beacon that is situated in a retail store, the beacon's broadcast can be used to provide contextual information (e.g., coupons for nearby products) to a user via the mobile device. Beacons enable this functionality by broadcasting a radio signal with a sequence of unique identifiers (IDs) that can be associated with metadata, such as, store locations, departments within a store, product information, or the like.
However, at least with BLE protocol, radio broadcasts are generally not secure because unauthorized third parties are able to write code to harvest the unique IDs from the radio broadcast and use the associated metadata to apply context for illicit purposes, such as to engage a user via a mobile application with third party competitive content when the user is in proximity of the beacon. For BLE beacons, the unauthorized company need only harvest the universally unique identifier (UUID) and either the “Major” and “Minor” values or the media access control (MAC) address that are included in the radio broadcast in order to discover where the beacon is located and any associated context (e.g., information that the beacon is located within a specific department of a particular company's store). Thus, beacon broadcasts that operate using standard wireless communication protocols remain vulnerable to hackers.