Hackaday was at HOPE last weekend, and that means we got the goods from what is possibly the best security conference on the east coast. Some of us, however, were trapped in the vendor area being accosted by people wearing an improbable amount of Mr. Robot merch asking, ‘so what is Hackaday?’. We’ve all seen The Merchants Of Cool, but that doesn’t mean everyone was a vapid expression of modern marketing. Some people even brought some of their projects to show off. [Jeff] of reelyActive stopped by the booth and showed off what his team has been working on. It’s a software platform that turns all your wireless mice, Fitbits, and phones into a smart sensor platform using off the shelf hardware and a connection to the Internet.
[Jeff]’s demo unit (shown above) is simply a Raspberry Pi 3 with WiFi and Bluetooth, and an SD card loaded up with reelyActive’s software. Connect the Pi to the Internet, and you have a smart space that listens for local Bluetooth devices and relays the identity and MAC address of all Bluetooth devices in range up to the Internet.
The ability to set up a hub and detect Bluetooth devices solves the problem Bluetooth beacons solves — identifying when people enter a space, leave a space, and with a little bit of logic where people are located in a space — simply by using what they’re already wearing. Judging from what [Jeff] showed with his portable reelyActive hub (a Pi and a battery pack) a lot of people at HOPE are wearing Fitbits, wireless headphones, and leaving the Bluetooth on the phone on all the time. That’s a great way to tell where people are, providing a bridge between the physical world and the digital.
Any _well implemented_ personal Bluetooth device will use private, random + temporary, MAC addresses so this won’t work for identifying people.
But what about the other 99.4% of the bluetooth devices out there?
iOS since the start and Android since version 5 Lollipop have been using private addresses so this will only work on a very limited set of mobile phones for tracking, not as the article implies.
Also I doubt Fitbit is using public fixed addresses since that would be a huge breach of privacy for their customers.
You’d be surprised just how many devices can be detected by their spontaneous BLE advertisement packets. And yes jgmarcelino, the FitBit is not using a public fixed address, but our Charge HRs haven’t changed their *random* address in 18 months, allowing us to permanently associate them with our profiles! Smart TVs and set top boxes are quite guilty of this too. iOS and Android 5+ devices do regularly cycle their advertiser addresses which addresses (pun intended) most privacy concerns.
Phones are hard to track, but AirPods specially, that get the user name in the device name, those completely self dox.
If you’re interested in actually sniffing BLE devices, Nordic have a sniffer that uses their dev kit (about £30) and Wireshark.
This is also a pretty nice option for BLE sniffing from Adafruit: https://www.adafruit.com/product/2269
Oh wait that one also uses the NordicRF’s snififng kit. Probably the one you meant then.
Regardless of the underlying hardware used, one might also find helpful our advlib project which interprets raw BLE packets and converts them to JSON: http://reelyactive.github.io/advlib/ Published as an article entitled “Low-Power Wireless Advertising Software Library for Distributed M2M and Contextual IoT”: http://reelyactive.com/science/reelyActive-IoT2015.pdf
Oh wow! I’ve been looking for a good way to implement something like this with one of my projects. It’d be really nice to track the devices entering and leaving the house, and if enrolled, act on legitimate occupants’ presence. Nice.
I’m legitimately concerned for the “legitimate occupants” about what this might mean.
FitBit battery life might be significantly reduced if it is polled too frequently.
There’s your wireless battery drainer
I’ve just thought, why not have a Raspberry Pi with Bluetooth built in, and call it a Blueberry Pi? Patent pending, patent pending, patent pending!
Howabout add cell radio, screen and mini keyboard and call it a Blackberry Pi ?
This is good. Too good.
Be sure to check out also BLE “man-in-the-middle” active interception and tampering tool: https://github.com/securing/gattacker and http://www.gattack.io.