back to article How your phone, laptop, or watch can be tracked by their Bluetooth transmissions

Over the past few years, mobile devices have become increasingly chatty over the Bluetooth Low Energy (BLE) protocol and this turns out to be a somewhat significant privacy risk. Seven boffins at University of California San Diego – Hadi Givehchian, Nishant Bhaskar, Eliana Rodriguez Herrera, Héctor Rodrigo López Soto, …

  1. Chris G Silver badge

    What would be the purpose of a device continuing to beacon after the owner has disabled bluetooth?

    That doesn't sound like an unfortunate omission in the software.

    1. Anonymous Coward
      Anonymous Coward

      I think it's for the same reason a modern iPhone continues to be detectable after regular power down (which it tells you when powering down): to ensure it can be found via the Find My Phone/iThing/Mac feature.

    2. yetanotheraoc Silver badge

      the owner (sic) has disabled bluetooth

      Apple gives us a button, but the button doesn't "disable" bluetooth. When I click the bluetooth button on my iPhone, on says "Bluetooth Connections Enabled", while off says "Disconnecting Bluetooth Devices Until Tomorrow".

      As for the purpose, after much head scratching I've decided it's all about stolen devices. If you disable bluetooth by powering off, the stolen device is useless. If you power on and can't disable the beacon, the stolen device can be found.

      I have always had find my iPhone turned off in settings, but it turns out to have been useless privacy theater. Instead, as I've pointed out here before, I will be getting rid of all the iDevices.

      1. Anonymous Coward
        Anonymous Coward

        Re: the owner (sic) has disabled bluetooth

        If you have "Find me" turned off, the beacons are quiet, but you also need to distinguish between the control panel disabling of Bluetooth (temporary) and the one in Settings (permanent).

        I love the way you use one feature to discard the overall safer platform. I'm guessing you will also sell your car because you don't like the ashtray and are now searching for one without airbags and ABS..

        By the way, what do you think reaches further: Bluetooth or your phone's GSM signal which contains all sorts of fun non-changeable identifiers? And WiFi? Even when not connected to a network you're broadcasting a MAC address which apparently now changes on iPhones (but I'm not certain of that, maybe that's still being planned).

  2. eldakka Silver badge

    That means the devices may emit a unique fingerprint, meaning it's possible to look out for those fingerprints in multiple locations to figure out where those devices have been and when.
    This is why since day 1 of my first ever bluetooth device - a Sony Ericsson P900 - I have always explicitly left bluetooth disabled except when I am specifically using it. Even today I leave bluetooth off unless I am actively using a bluetooth device. And I always toggle it off after I finish that activity (same with WiFi, only ever enabled when I want to use it).

    This has been a known problem for years. Years ago there were reports of shopping centres tracking customers movements through the mall by tracking bluetooth, to track what stores people entered, how long they spent in food courts, etc.

    edit: after reading @Chris G's post, I went back and re-read the article and only then noticed this:

    "However, we found that simply disabling Bluetooth on some phones will not stop the beacons. For example, on some Apple devices disabling Bluetooth in the Control Center (the menu accessed by swiping down from the top of the screen) may not stop it from beaconing."

    1. Anonymous Coward
      Anonymous Coward

      "Years ago there were reports of shopping centres tracking customers movements through the mall by tracking bluetooth, to track what stores people entered, how long they spent in food courts, etc."

      More than just reports, tracking via WiFi "announcements" (which lead to introduction of MAC address randomisation), Bluetooth beacons (typically required shop's App to be installed), and via mobile network "announcements".

      This is the company I remember in the UK that listened in for the routine announcements your mobile phone sends to the mobile infrastructure:

  3. Grunchy

    Hmm the FAA/FCC might be interested in Apple phones not shutting down radio emissions when commanded to do so.

    Anyway I think this vulnerability is already widely known for years. Guys like Osama Bin Laden, and other wanted criminals, have long been aware their goose is fried the moment they become associated with a particular cell phone.

    1. Clausewitz 4.0

      I cannot speak for the criminals, but more intelligent folks use that same vulnerabilities to the mutual advantage and progress. Some call it counter-intelligence.

    2. You aint sin me, roit Silver badge

      Crims using burner phones?

      How dastardly!

      But did they remember not to upload their terrorist network contacts to the iCloud?

  4. iron Silver badge
    Thumb Down

    My phone, laptop, or watch can't be tracked by their Bluetooth transmissions. For a start I don't own a watch that has Bluetooth, but also my phone never has Bluetooth turned on except briefly when needed, which would be about twice a year, and my laptop never has Bluetooth turned on. As for Apple products refusing to turn Bluetooth off, that would be one of the many reasons I don't buy their overpriced tatt.

    You might be able to track me via my wireless headphones but only if you're very close nearby and all you're going to learn is how frequently I make tea / coffee. Hourly as it happens.

  5. martyn.hare
    Thumb Up

    Simple solution

    Just accept when you're out in public, you're very trackable, regardless of which devices you use.

    1. Clausewitz 4.0

      Re: Simple solution

      Is anyone in hiding? Didn't knew that.

      1. ecofeco Silver badge

        Re: Simple solution

        Your naivete is touching.

  6. werdsmith Silver badge

    Coming soon: humans can be tracked by their own personal smell signature.

  7. DS999 Silver badge

    COVID beacons

    If that's what this depends on, then the attack is useless in the US. The US government left that up to the states, and I'm not sure any state is using that for contract tracing, so no one here has that enabled.

    I had forgot all about it and looked to see where it is on my iPhone. Found it under "exposure notifications", which of course is in the default "off" setting and would do nothing if I turned it on.

    1. katrinab Silver badge

      Re: COVID beacons

      Going through the Apple list, the following states/territories/etc have apps:





      North Carolina

      North Dakota


      South Carolina


      Puerto Rico

      The following have exposure notifications, but no app:




      District of Columbia








      New Jersey

      New Mexico

      New York





  8. HildyJ Silver badge
    Big Brother

    Privacy, what a concept

    As a practical matter, privacy, as far as tracking, no longer exists.

    Broadcasting Bluetooth, per the article, gives about a 50% chance of detecting your phone and a 50% chance of detecting someone's phone that might be your's (or not).

    OTOH, your phone is also communicating with cell towers and these can also be used for tracking in real time with 100% accuracy with a Stingray device or after the fact with carrier records.

    And if you go without a cell phone, there's still tracking available through surveillance cameras.

  9. EveryTime

    Looking closely at what was written, I'm concluding that that they are largely unsuccessful at RF fingerprinting.

    Which is unsurprising.

    Identifying transmitters by their unique signatures has a long history. A century ago radio operators could identify each other by their unique "fists", the specific way they sent Morse code. Experienced operator could also identify the CW transmitter by the tonal quality, how that specific transmitter varied in frequency and amplitude. That was easier than it sounds, since Morse code over radio is rapidly starting up and shutting off a transmitter. And a century ago, with valves and marginally stable crystals, those transitions were wildly sloppy.

    Transmitter identification became more sophisticated with AM and FM voice transmissions, but the phase and amplitude imperfections at the start of transmission were still key fingerprint features. Discrete components varied, and even their exact position during assembly produced some variation straight from the production line.

    Essentially all of that is gone with modern radios. Frequency-agile radios require a design the minimizes frequency deviation, and modern assembly techniques results in astonishing consistency. There might be characteristics of a chip type, but you aren't going to be identifying the specific device.

    And that's pretty much what they found, even if the headline suggests otherwise.

  10. nautica Bronze badge
    Big Brother

    Surprise, surprise, surprise!

    "...on some Apple devices disabling Bluetooth in the Control Center (the menu accessed by swiping down from the top of the screen) may not stop it from beaconing."

    1. Anonymous Coward
      Anonymous Coward

      Re: Surprise, surprise, surprise!

      But it does set

      fHasSomethingToHide = true;

  11. karlkarl Silver badge

    OpenBSD doesn't support bluetooth and I can't say I ever miss it.

    So unless my ThinkPad hardware is emitting becons without OS support, I should be "noise free".

    What exactly do people use Bluetooth for? I can seriously only think of gimmicks that can be solved and improved with a simple thin cable (headphones) or standard wireless / IR (wireless mouse / keyboard).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021