
Sniffing and Tracking Wearable Tech and Smartphones

An anonymous reader writes: Senior researcher Scott Lester at Context Information Security has shown how someone can easily monitor and record Bluetooth Low Energy signals transmitted by many mobile phones, fitness monitors, and iBeacons. The findings have raised concerns about the privacy and confidentiality wearable devices may provide. “Many people wearing fitness devices don’t realize that they are broadcasting constantly and that these broadcasts can often be attributed to a unique device,” Scott says. “Using cheap hardware or a smartphone, it could be possible to identify and locate a particular device – that may belong to a celebrity, politician or senior business executive – within 100 meters in the open air. This information could be used for social engineering as part of a planned cyber attack or for physical crime by knowing people’s movements.” The researchers have even developed an Android app that scans, detects and logs wearable devices.
  • by rossdee ( 243626 ) on Monday May 25, 2015 @10:03PM (#49772207)

    whatever turns you on I suppose

  • by Anonymous Coward

    This reminds me of the Minority Report scene [youtube.com], where people could easily be tracked by their eyes being scanned and the annoying part of it I always thought was the loud mouthed advertising, with the ads giving out your name and what you bought yesterday.

    "Hi there, Jane, how are you enjoying those extra absorbent tampons you bought last week, is everything ok? Need some new underwear?"

    As to tracking for your own legal purposes, there are many services designed for that. [trackensure.com] Any technology can be abused, the qu

  • I feel sooo left out way out here in the sticks where I'm not getting my Bluetooth sniffed, or anything else except by the local wild and semi-wild fauna.


    Seriously not. Adds one more reason to my list not to go down off the mountain...

    • by Whiteox ( 919863 )

      Fine. Be that way. I for one never go outside because strange things happen when I go outside.

  • by Frosty Piss ( 770223 ) * on Monday May 25, 2015 @10:15PM (#49772249)

    The findings have raised concerns about the privacy and confidentiality wearable devices may provide.

    Who ever suggested that there was any "privacy and confidentiality" of wearable devices that use Bluetooth? Who would even think such a thing? We're not talking about encrypted communications devices here...

    • Re:Really? (Score:4, Interesting)

      by TWX ( 665546 ) on Monday May 25, 2015 @11:40PM (#49772555)
      I'm guessing that most people think that they're secure in their privacy unless they're forced into a confrontation that proves they aren't. Look at all of the corporate officers that get busted with e-mail and text messages that document their white-collar crimes. Those people are supposed to be pretty smart and even they still don't understand how the technology or the law actually work.
    • by AmiMoJo ( 196126 )

      Who would even think such a thing?

      Ordinary people assume that when something is "connected" to their phone, it is connected in the same way that a cable connects things or they are connected to secure wifi with a password. The fact that you usually need to use a PIN number to pair Bluetooth devices further adds to the illusion that it is secure, because PINs are for security.

      Engineers have to accept responsibility here. We have to make things secure by default, and respect privacy. Users don't appreciate the somewhat subtle differences betwe

  • by Brulath ( 2765381 ) on Monday May 25, 2015 @10:20PM (#49772275)

    Broader privacy implications aside, it's actually kind of neat to be wearing a device which can identify when you're in a particular space and how long for. We have a volunteer tech group working on projects at our local museum and one of the guys implemented a fitbit scanner to identify when people were present and how long for (which is useful, as bureaucracy dictates we sign in/out for fire and visitor-tracking reasons). Every few minutes it broadcasts a request for fitbits, and all those within range respond. They return a mac which can be linked back to a fitbit account, if the user has authorised us to access it, which makes it a bit easier to identify the person who owns the fitbit. We could probably replace it with another sign in system, but passive is kind of neat when you want it.

    I assume resolving the identifying problem wouldn't be as easy as using a random mac?

    • by TWX ( 665546 )
      Changing a MAC once won't do any good, as once the new MAC is learned, if it's seen again then it'll be recognized again.
  • ... and it does nothing.

    • by zlives ( 2009072 )

      it updates your location to their servers right away... it's not supposed to do anything else, you have now been tagged as one of the people to be interrogated later by 3 letter agency of your choice because you clearly were trying to hack something.... i think that's how it goes :)

  • by PopeRatzo ( 965947 ) on Monday May 25, 2015 @10:48PM (#49772383) Journal

    "Sniffing and tracking"? My seven year old beagle does those things and has much longer battery life.

    Call me when your bluetooth device can fetch a tennis ball.

    • Unfortunately, despite not being iBeagle, you will find your beagle's battery...difficult to user service...when depleted. Also problematic to restore from backup.
      • you will find your beagle's battery...difficult to user service...when depleted.

        A few doggie treats and a quick nap on the porch is all the user service she needs.

  • Saturate your body with sensors. A bluetooth connection for every hair in your ears, nose and butt. Wifi for each of your liver's lobes, flow sensor in your intestines, strain gauges glued to your nails, ears and eyelids, a nanomagnetometer for every neuron, tile the inner wall of your small intestine with enzyme chips, etc, etc. If enough people follow that trend, soon the data flow is going to surpass any available computing power to process it. And being fashionable in the process, the real concern of m

    • by ihtoit ( 3393327 )

      the Internet of Everything starts with everything else and ends with permanent and persistent tracking of humans from the second their skin hits air to the second they expire. You have two choices here: accept the inevitability of this march to not only total information awareness but total corporate control over that information and total monetisation of that information entirely at your expense, or simply say "NO, I WILL NOT BE WIRED, TRACKED, NUMBERED, SERIALISED, SOLD, COMMODITISED OR ELECTRONICALLY CON

      • by zlives ( 2009072 )

        control of information is necessitated by our want of privacy... if we don't care about privacy, there is no need for control. freely available total information awareness, thus, as a goal would actually set us on the path away from "total monetisation".

        • by ihtoit ( 3393327 )

          TIA doesn't mean what I think you think it means. It's not personal knowledge of what information about you is going where, it's about the fact that every single little facet of your life, right down to how runny your shit is, is/will be being recorded and made money on for somebody else. That somebody else controls YOUR information. You don't even KNOW what and how much information about you is being gathered every second of every day and where it is going. Even trying to opt out of the system is informati

  • While they are admittedly a staple of low-budget action shlock; it seems that the 'celebrities, politicians, and high level business executives'(none of those midlevel guys, do you know what a kidnapping costs, per kilogram of hostage?) would be the least relevant targets for this flavor of attack.

    Fancy prominent people are valuable, strategically relevant, or have deranged and dangerous fans. Such people have merited considerable human effort on the part of assorted attackers more or less since the inve
  • Wrong!! (Score:3, Informative)

    by ultranerdz ( 1718606 ) on Monday May 25, 2015 @11:17PM (#49772489)

    Bluetooth 4.1 adds Randomised private resolvable addresses. This allows only bonded devices to be tracked this way.

    • by gl4ss ( 559668 )

      this is really "news" from 2000.

      furthermore, iBeacons and such are used exclusively for the purpose of creating a beacon..

  • HIPPA (Score:4, Interesting)

    by sunderland56 ( 621843 ) on Monday May 25, 2015 @11:43PM (#49772567)
    Isn't leaking personally identifiable health information a violation of HIPPA [wikipedia.org]?
    • It's HIPAA, not HIPPA.

    • What protected health information is being leaked? You can identify a device and then maybe tie that device to an individual, but you aren't gaining access to any of their sensitive data.
  • "...identify and locate a particular device – that may belong to a celebrity, politician or..."

    IOW a wet dream for paparazzi.

  • The latest wave of BLE / "Bluetooth Smart" devices, everything from headphones to keyboards to fitness bands, are a joke. Not only is the connection reliability *terrible*, but a paper describing a method of attacking the protocol has been out for a while now.

    My suggestion, and what I currently do, is refuse to buy any product that advertises that it supports or uses Bluetooth Low Energy or Bluetooth Smart or Bluetooth 4.0. Anything similar to that in the marketing literature or tech specs, and I pass it by. B
