Forgot your password?
typodupeerror
Privacy Wireless Networking Hardware

Tracking People Using Bluetooth 65

Posted by CmdrTaco
from the turn-your-bluetooth-off dept.
damdam writes "A Dutch guy seems to have set up a small network of bluetooth scanners. He has all the information logged to a central database and you can search it over the web. On his website it says "Some of these matches were only minutes apart. Therefore I could even calculate the approximate speed of someone moving from one location to another.". There are also some interesting statistics on his site showing traffic volume in his hometown (based on bluetooth signals) and he even lists popularity of certain Nokia phones. It's interesting to see how much information an individual can gather using old equipment."
This discussion has been archived. No new comments can be posted.

Tracking People Using Bluetooth

Comments Filter:
  • Or... (Score:4, Funny)

    by FlyingSquidStudios (1031284) on Sunday November 11, 2007 @10:07AM (#21313023) Homepage
    He could just sit and watch people go by and see what they do.
  • Bluetooth Attacks (Score:5, Insightful)

    by nbannerman (974715) on Sunday November 11, 2007 @10:08AM (#21313027)
    An excellent example of how the general public has no idea what technology is capable of. Imagine this chap was in the mood to cause a bit of disruption; I wonder how many of these phones would automatically accept a data transmission?

    Case in point - a local pub automatically sends a simple java-based football game to your phone (or attempts to) via bluetooth when you enter. Some people have set their bluetooth to accept automatically and wonder what has happened when they discover the application sitting there a few days later.

    Mildly amusing at times, but it does highlight the security risks associated with a system that can rely on users thinking about security to work properly.
    • Re:Bluetooth Attacks (Score:5, Interesting)

      by ZombieWomble (893157) on Sunday November 11, 2007 @10:20AM (#21313095)
      Interestingly, this issue actually came up in the technology sections of the UK media a while back, but under a rather different guise - that of "toothing" [wikipedia.org].

      Specifically, people would use bluetooth to discover other people with active devices (on trains or what have you), and send the message "toothing?" as an invitation to have sex in a nearby bathroom or similar. The media of course lapped it up, and for a while there was quite a bit of talking about what exactly you could and couldn't do over bluetooth on a standard phone.

      Of course, it eventually turned out the whole "toothing" thing was a hoax. But it wouldn't surprise me if there were a lot of very confused people on trains around the UK for a while.

      • Oh yeah, I remember the articles in the mainstream media, kinda funny really.

        I can remember changing a friend's device name to something highly inappropriate before jumping onto a Circle Line train... and despite his name we didn't get a single offer...!
        • by internewt (640704)
          My phone's called "Free Porn. Pin 69", and only once have seen another person try and pair with it. That was when I was waiting at Heathrow airport, where there's lots of bored people who might be playing with their mobiles (or thier cock, but I'm going to ignore that choice!).

          (The PIN isn't really 69, my phone prompts everytime a pairing is done).
      • Re: (Score:3, Interesting)

        There's an app called "Bluejacker" for Palm based devices with bluetooth that will spam a message to any bluetooth-enabled devices within range.

        Or in other words, it's orgy time!
      • by scc4fun (1044794)
        It was later reported that those news stories about "toothing" were a hoax. IIRC the original article authors admitted that it was a hoax several months after the fact.
    • Go for the Macs (Score:5, Interesting)

      by DingerX (847589) on Sunday November 11, 2007 @10:35AM (#21313183) Journal
      I confess that I do from time to time look to see who has their bluetooth in discoverable mode. Some cellphones do it, and these have generic names (such as the Verizon WonderPrice Z302). My GPS transceiver doesn't have a non-discoverable mode (If you see a device called "In my pants, not my car", come over and say hi, sugar). But Macintoshes seem to be discoverable by default, and even better, advertise that they are Macintoshes and give the name of the user.

      I won't comment on Apple's policy in doing so, and I'll leave you to figure out what kinds of social engineering and hacking exploits this opens the door to. I'm just sayin', that's all.
      • by hal9035 (827327)
        If this is for real, can you imagine what the Mac fanbois would say if it was a default MS condition?
      • by sootman (158191)
        But Macintoshes seem to be discoverable by default

        I'm pretty sure you're wrong about that. I don't have a virgin test Mac to verify but I'm pretty sure that while bluetooth will be on by default if you have it (and I'm not even sure about that) you've got to hit some settings to make a Mac discoverable.

        As for advertising that they're a Mac and the user name--the default system name of a Mac is something like "Bob's PowerMac" (where "Bob" was the name of the first user to set up the machine.) Easily changed
        • It's true - I have a new 24 inch aluminum iMac 24 inch running leopard, just checked the bluetooth menu, and it's on, with discoverable on. Yow! Thanks for the tip!
    • Re:Bluetooth Attacks (Score:5, Interesting)

      by Teun (17872) on Sunday November 11, 2007 @11:26AM (#21313469) Homepage
      In countries (Saudi Arabia, Iran) with a more advanced religion [slashdot.org] than the US Bluetooth is used as an aid in dating.
      Males and Females are by law not allowed to mix in the same room (of a restaurant) so they use their Bluetooth for contact through the separations.
      • These countries have their own problems by not allowing Males and Females to mix together by law. Other countries which allow, have a seperate set of problems. Exactly who's problem is worse, is subjective.

        • by Teun (17872)
          Indeed, not allowing males and females to mix at all has far greater advantages, think of an end to over population!

          Joking aside, in societies and countries where this free mixing is not thought of as problematic we see the lowest birth rates.

          If you were thinking of things like STD in a liberal society, this is at least as prevalent in the countries with restrictions were the only option to have a sexual adventure generally is illegal prostitution.
          And men in these societies do find the prostitutes!

          A
          • That, so called, restricted socities have higher brith rate than the liberal societies, isn't a pro liberal point. I understand that neither did you say it.

            But as you said, STD is prevalent in both societies, as is prostitution. Proves nothing pro or anti.

            Inbreeding is a culture issue, which has nothing to do with how women chose to cover up themselves in a society. Look at the Amish case.

            So the only issue we are down to, is that you find it scandalous, obscene. Which is your personal feeling. Who knows, pr
  • Imagine the range if you put a large exernal antenna on a bluetooth dongle. We got about a range of 1km IIRC. (This was at the Wireless Community Camp 2007 in the Netherlands.)

    [0] http://www.wifisoft.org/trac/wcc-2007/attachment/wiki/WikiStart/IMG_0127_mod.jpg [wifisoft.org]

  • Cool (Score:5, Interesting)

    by Cheesey (70139) on Sunday November 11, 2007 @10:37AM (#21313191)
    He should link this up to a network of CCTV cameras. The appropriate database software would give him the ability to not only track a person's movements, but also watch what they were doing at any specific time. A powerful search engine could be used to find meetings between people, digging up CCTV and audio recordings of those meetings. No need to solve the problem of automatically recognising people using CCTV images: the Bluetooth devices that they carry provide that capability.

    The next step would be to scale the network up to cover an entire city or country. Perhaps he might like to consider using an RFID scanner in addition to the Bluetooth one, so that RFID chips being carried by people could also be used to identify them. Just in case the people decide they want some privacy. When RFID chips are widely used for stock control, it will be difficult to avoid buying things that contain them, and they can't be turned off. Robust identification could be provided by the "cloud" of RFID chips carried by each person.

    It's amazing when you think of what is now technically possible, given a sufficiently large budget.
    • When RFID chips are widely used for stock control, it will be difficult to avoid buying things that contain them, and they can't be turned off. Robust identification could be provided by the "cloud" of RFID chips carried by each person.

      Did you know about RFID "powder" [tfot.info]? (it was discussed on /. [slashdot.org] earlier this year) In short, RFID so small it will stick to people's hair if sprayed on a crowd. In forensics, you can thus know who was in the crowd with simple RFID scanners. There's much more applications, of course. (shameless plug; selected RFID stories here [slashgeo.org])

  • It's a quiet Sunday morning here on slashdot, only six replies on this story so far, and yet I think we've overwhelmed his little database:

    Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'database.icepick.com' (4) in /home/.guenivere/icepick/public_html/php/livedata.php on line 6
    Error connecting to mysql


    Check the books; that's got to be some kind of record.
    • Check the books; that's got to be some kind of record.
      Six people reading TFA?

      I think you're right!

      - RG>
    • by Indes (323481)
      I was reading, but didn't reply.

      Make it 7.
    • by J0nne (924579)
      Well, I was able to RTFA before it was slashdotted, and in it he said his MySQL server already had trouble keeping track of all the data. Adding a slashdotting to the mix probably didn't do the poor server any good (he's probably hosting it himself on a PIII attached to a DSL line or something).

      It's just plain irresponsible of the submitter not to use the Coral cache [nyud.net]...
      • by J0nne (924579)
        Oh, and the error message gives us a chance to find his homepage [nyud.net], where he seems to log everything happening in his house. It looks like he flushes his toilet a lot, lately.
        • This is quite amazing... in a disturbingly peeping-tom kind of way! Some bits from Icepick.com A wired house [nyud.net]:

          Everytime the doorbell is rang the computer will take a picture of the person ringing the doorbell. Since 20-Jun-1998 the doorbell has been rang 2815 times. An average ring lasted for 0.62 seconds.

          Everytime the fridge is opened the computer will take a snapshot and record the date, time and duration of the fridgedoor opening. Since 12-Jul-1998 the fridge has been opened 47811 times. An average dooropening lasted for 31.87 seconds.

          Check out how often his cat eats, and the temperature in his toilet! neat.

    • Re: (Score:3, Informative)

      by pla (258480)
      Check the books; that's got to be some kind of record.

      Nah - Sometimes servers get Slashdotted before a single post makes it in.

      And now that we have the Firehose, it wouldn't surprise me to start seeing the occasional story Slashdotted before even making it to the FP.
  • Cityware (Score:3, Informative)

    by aj50 (789101) on Sunday November 11, 2007 @10:42AM (#21313217)
    Sounds quite similar to the facebook application made by the Cityware [cityware.org.uk] project. It tells you whose been near their hotspots at the same time as you.

    As one of our projects on my course, we're looking at extending this to do without hotspots and be able to show you a list of who's around you right now, pulling their name and picture from facebook and alerting you if one of your friends is near by. We're also looking to be able to store where you've met people and display this using google maps.

  • by drewmoney (1133487) on Sunday November 11, 2007 @10:44AM (#21313233)
    Seriously, what happened to the good old days when you could just:

    1. Follow them home from the grocery
    2. Tail them from a car/taxi/bicycle
    3. Hide out in the donut shop across from their work
    4. Pretend to be a jogger/homeless bum in the park
    5. Break into the house across the street and set up a stakeout
    6. Hide in their backseat under a blanket
    7. Put on camouflage and pretend you are a bird
    8. Dress up in a gorilla suit
    9. Paint yourself 'brick' colored
    10. Mini submarines!?!?!?!?

    This technology stuff is crap I tell you.

    • 11: ???????
      12: PROFIT!
    • Re: (Score:2, Funny)

      by Anonymous Coward
      ".....8. Dress up in a gorilla suit"

      Hey, who the hell are you ?

                  Hey, hey, we're the Monkeys

      What are you doing ?

                  Some people say we monkey around

      Are you following me ?

                  We're too busy singing to put anybody down
  • by mikeselectricstuff (556110) on Sunday November 11, 2007 @10:52AM (#21313273) Homepage
    We used Bluetooth for tracking people across London Bridge & displaying the results on Tower Bridge as part of a 1-week lighting festival earlier this year - info at http://www.whitewing.co.uk/switchedon.html [whitewing.co.uk] I was also recently involved in installng a permanent Bluetooth-responsive light artwork in a bench outside ASDA in Poole, Dorset - this generates colour waves moving along the bench in response to people walking past, using relative signal strengths from 2 sensors to determine direction. (pic at http://www.flickr.com/photos/mannmade/1432286282/ [flickr.com])
  • like a horror story (Score:4, Interesting)

    by jollyreaper (513215) on Sunday November 11, 2007 @11:52AM (#21313693)
    In stories past, we've gotten used to the cliche of the endlessly capable killer. If he is not explicitly supernatural and haunting your dreams, he still is capable of performing many feats that would defy logic and credulity. He can always find the victim when she is alone, either terrorizing her and letting her escape or doing away with her then and there. He is able to avoid detection, knows how and where to find her, etc etc. V in the comic operates in a similar fashion. At least the writers came up with a decent enough explanation: the government was so paranoid they wanted to have everything in tight, centralized control with a complicated computer, a computer that V had backdoor access to. That explains how it seems like he has eyes and ears everywhere, how he can slip through security measures as if they weren't even there, etc.

    With the kind of electronic surveillance we have going on now, the technology available, it would be so easy to fuck with people. Nevermind the Orwell angle, which we're already well familiar with. Consider the "stalker cop" scenario, someone who is placed in a position of authority which he then abuses. A nut could stalk and terrorize someone without ever leaving the computer. There was a story about Perverted Justice that seemed too outlandish to be true but has not yet been debunked -- the PJ founder had a detractor that he wanted to get revenge against. He posed as a hot chick in chat and carried on an affair with the guy for months, up to and including the guy divorcing his wife and flying out to another state to meet his new lover. Then bang, the PJ guy lowers the boom. Ok, so one part of me says that the guy must have been a credulous boob but the other part of me says even so, the PJ guy sank hundreds of hours into this psycho revenge. That's a scary level of commitment.

    I guess what I'm getting at is that all this technology is giving people ways to fuck with other people that haven't even yet been conceptualized. Planting kiddie porn on the soon-to-be-ex's computer and calling the cops is barely scratching the surface.
    • In other news (Score:1, Flamebait)

      by giafly (926567)
      In the UK, from today's news, it seems literally anyone can get access to security data. If you're a rapist or something, talk with a fake foreign accent and don't give your real name. You may even get employed by PM Gordon Brown and get the chance to try out parent's suggestions.

      The Home Office has admitted illegal immigrants have been mistakenly cleared for jobs as security staff... The Home Office says the SIA [Security Industry Authority] did not check applicants were entitled to work in the UK before g

  • Roommate tracker (Score:5, Interesting)

    by Solder Fumes (797270) on Sunday November 11, 2007 @12:25PM (#21313931)
    Reminds me of an experiment I did a while ago. On a whim, I stuck an old USB Bluetooth dongle into a 400MHz Linux box I had set up as a random-task server in the apartment closet. It was recognized and running immediately (wait, what?) so I played around with some of the HCI commands. Long story short, we soon had a tracking system tied to our cell phones. Whenever either of us approached the apartment, the server would log the event on a web page, play a few tones and announce "so-and-so has entered the perimeter" to the apartment. Similar if either of us left. The web page had a status indicator showing whether we were IN or OUT. This was handy in a few ways; you could tell if your roommate was already home from work and give them a call to see if a parcel was delivered, etc.

    I also played around with gathering some information and playing it via Festival on arrival, "welcome back so-and-so, you were away for 10 hours and 23 minutes. You have 143 new emails, 132 marked as spam." Could be expanded a lot with other functions; music presets, wake my computers, etc. Anyway, the system fell into disuse after the computer was moved and the cat ate the speaker wire. But it was pretty interesting to see how easy it was to use Bluetooth as a presence detector, with a few lines of shell script. The phones didn't even need to be set in Discoverable mode, once the mac addresses were gathered.

    This kind of thing is a piece of cake for the various secretive agencies to do to you on a global level, and they don't even need Bluetooth...every cell phone is a little tracking device. Too bad that power is several orders of magnitude more difficult for the public to obtain, as it is a centralized service much like the government itself. Sure, you can track your kids' phones if you pay Sprint some extra cash...but the head of the NSA can see where everyone with your last name had lunch today, while you can't log in and make sure he didn't skip work and go to the golf course instead. This is just a small example of the ways we're gradually being tagged and tracked, and it's a good think to have people aware and thinking of it. The power may be in the right hands for the most part, but it can be misused so easily.
    • Sounds a lot like what I've got installed on my Mac: http://mirasoftware.com/BPE2/ [mirasoftware.com]
    • by z4pp4 (923705)
      Please oh please post a link to the code?
    • I used to do something similar with Romeo on the Mac (a program that lets you associate arbitrary AppleScripts with device enters/exits range events). Whenever the I walked away from my computer, it would lock the screen, pause iTunes, and set an away message on my IM client. I turned it off eventually because I kept leaving my phone in my coat pocket just on the edge of range so it would periodically think I had exited range in the middle of working.
    • Anyway, the system fell into disuse after the computer was moved and the cat ate the speaker wire.

      Ha! A very interesting post, but this was by far my favorite sentence.

      Ooooooh..... the cat's eaten it.
      Has he?
      She, sir.

  • You could send p2p URIs in it.

    I've tried quite a bit to get interactive BT stuff going. There seems to be no way to offer decent options to message recipients. We would like to be able to send them a menu from which they can choose "download image", "download video" or "download music" (or some other choice). All I've managed to work out is discover "client", send message. The client then gets somethign akin to "DrSkwid is trying to send you a message, accept y/n". On my Nokia N80 you can't even choose "rep
  • I wouldn't say this is not new, however it has been done before in a different setting, a smart house, using a grid of blue tooth receivers and a transmitter with lowered power output ... these guys (http://www.emeraldinsight.com/Insight/viewContentItem.do;jsessionid=19F24FABE390002FE57D99D3E08C1724?contentType=Article&hdAction=lnkhtml&contentId=874924) the university I goto, were able to track humans through the room, allowing for a kind of location dependent service from room to room. There was a
  • Primarily wifi, but with rfid location aware people tracking to a resolution of a couple feet (with variable accuracy) within a university building, based on existing wifi antennas.
    http://whereabouts.eecs.umich.edu/ [umich.edu]

    Whereabouts is a project at the University of Michigan to build a location sensing network using widely available off-the-shelf components, such as RFID sensors and 802.11 stations.

    Our goal is to build a network of sensors that will allow users and computers to detect and share their location in

  • How easy/difficult is it to change/spoof a Bluetooth hardware address? I've been playing around with using hcitool -scan to lock and unlock gnome-screensaver when I walk away from the computer and am curious if this is merely a somewhat bad idea, or a truly epic bad idea.
    • bad idea for sure, truly epic bad idea if you have sensitive information/ your hardware address can be sniffed and repeated at a later time. You could use classic symmetric key cryptography, but then again someone could sniff the encrypted "unlock" message and repeat it at a later time too. Then you could add nonces as timestamps or use another method, but it becomes more complicated as you go and I would suggest you stick with the old fashioned type-in-your-god-damned-password method.
  • It might be worth checking out the device called "sexy vixen" appearing now in the bluetooth radar:
    http://www.bluetoothtracking.org/livedata.php [bluetoothtracking.org]
  • Quick, someone set their phone ID to ""; DROP TABLE foo; --" :D

    In all seriousness I think this looks like a fun project :)
  • 2007-11-10 03:13:22 Apeldoorn Asselsestraat 00:1D:25:91:E1:9F Rchl & je kan me reet likken

    Translation:
    Rchl & you can kiss my ass

  • i can see how this tech could be used for traffic reports and tracking criminals.

    say 15% of the people on a large bridge have bluetooth on their phone (stretching it)

    set bluetooth hotspots (or whatever they're called, doesn't matter) anywhere from 5-10 feet apart. see how long it takes the phone to go from spot to spot. put in a formula, and voila. on top of that, it could be used to catch speeders. and, if you know the ID of a criminal's bluetooth-enabled phone, you could see where they connect, when, and

Almost anything derogatory you could say about today's software design would be accurate. -- K.E. Iverson

Working...