Program your flipper0 to record all wireless identifications for a few weeks. Hook a broadcaster to an amplifier and attach it to your car, playing all the time. Every time you drive by one of these, it'll look like a parade just went by.
Probably do the same thing when you go into retail stores. Just flood the place with every possible identification.
I was in the space 10 years ago with a product. Primarily Bluetooth, later BLE and WiFi. At that time most consumer devices were constantly discoverable. About 3-5% of traffic would have a discoverable MAC. These days not so many. iPhones never are discoverable unless you are in pairing mode. BLE broadcasts beacons much more consistently and generates a lot of data to filter, but they also change MACs.
Most WiFi chipsets use a hardware-based MAC layer, so promiscuous monitoring / sniffing is not possible on virtually every embedded module. There were a few chipsets, known as SoftMAC, where Linux drivers did the MAC layer, in which you could truly sniff the air for all traffic and capture a whole lot of MAC addresses. That was much more useful, but requires more CPU and specific older hardware. If you have a permanent power source like in an ALPR that isn't as much of a concern. I don't know of any companies that really did this though. Almost all our competitors used solutions that only supported the usual device discovery, which relies on BT being discoverable, or AP mode WiFi in order to track a MAC address. It's really easy to market though, it sounds great on paper. In practice the results are less than stellar and with time got even worse as vendors stopped being discoverable by default, and handsets started using dynamic MAC addresses.
> BLE broadcasts beacons much more consistently and generates a lot of data to filter, but they also change MACs.
Hah! I wish this were true. The overwhelming majority of BLE widgets don't use resolvable random private addresses. They could, they just don't. A huge share of the industry is just copy-pasting Nordic sample code until they have a shippable product, and last I checked, exactly one (1) Nordic sample project enables RRPAs. Nordic treats it as an edge case, and everyone else follows along.
And that's besides the issue that the RRPA rotation algorithm is pretty contrived. I'd be shocked if some three-letter hasn't already built a tool for tracking devices that use it.
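For readers who want to see what the comment above is talking about, here is the resolvable private address (RPA) mechanism from the Bluetooth Core Specification, written as an added example for this thread; it is not code from any poster, from Nordic, or from any SDK. An RPA is 24 bits of random `prand` (top two bits set to `01`) followed by a 24-bit hash `ah(IRK, prand)`, where `ah` is the low 24 bits of AES-128 over `prand` zero-padded to a block. A peer that holds the device's Identity Resolving Key (IRK) recomputes the hash and recognises the device across rotations; anyone without the IRK sees unrelated addresses each time. The IRK values below are constructed for the example (the one in the test is the spec's published `ah` test vector), and the function and type names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// IRK is the 128-bit Identity Resolving Key shared with bonded peers during pairing.
type IRK [16]byte

// Address is a 48-bit Bluetooth device address, most significant byte first.
type Address [6]byte

// ParseIRK decodes a 32-hex-character key, MSB first (constructed helper, not a Bluetooth API).
func ParseIRK(s string) (IRK, error) {
	var k IRK
	b, err := hex.DecodeString(s)
	if err != nil {
		return k, err
	}
	if len(b) != len(k) {
		return k, fmt.Errorf("IRK must be 16 bytes, got %d", len(b))
	}
	copy(k[:], b)
	return k, nil
}

// AddressHash is the spec's ah(k, r): the least significant 24 bits of
// AES-128(k, 0^104 || r), with r given MSB first.
func AddressHash(k IRK, prand [3]byte) ([3]byte, error) {
	var out [3]byte
	block, err := aes.NewCipher(k[:])
	if err != nil {
		return out, err
	}
	var in, ct [16]byte
	copy(in[13:], prand[:]) // 13 zero bytes of padding, prand in the low 24 bits
	block.Encrypt(ct[:], in[:])
	copy(out[:], ct[13:]) // low 24 bits of the ciphertext
	return out, nil
}

// NewResolvableAddress draws a fresh prand and builds an RPA for the holder of k.
// A device that rotates its address calls this on each rotation.
func NewResolvableAddress(k IRK) (Address, error) {
	var prand [3]byte
	if _, err := rand.Read(prand[:]); err != nil {
		return Address{}, err
	}
	prand[0] = (prand[0] & 0x3F) | 0x40 // top two bits 0b01 mark "resolvable private"
	hash, err := AddressHash(k, prand)
	if err != nil {
		return Address{}, err
	}
	var a Address
	copy(a[0:3], prand[:])
	copy(a[3:6], hash[:])
	return a, nil
}

// IsResolvable reports whether the address type bits claim an RPA.
func IsResolvable(a Address) bool { return a[0]&0xC0 == 0x40 }

// Resolve reports whether the holder of k could have produced a: it recomputes
// the hash from the advertised prand and compares in constant time.
func Resolve(k IRK, a Address) (bool, error) {
	if !IsResolvable(a) {
		return false, nil
	}
	var prand [3]byte
	copy(prand[:], a[0:3])
	expected, err := AddressHash(k, prand)
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare(expected[:], a[3:6]) == 1, nil
}

func main() {
	// Constructed keys: "mine" is the advertising device's IRK, "other" is a stranger's.
	mine, _ := ParseIRK("000102030405060708090a0b0c0d0e0f")
	other, _ := ParseIRK("0f0e0d0c0b0a09080706050403020100")
	for i := 0; i < 3; i++ { // three rotations of the same device
		a, _ := NewResolvableAddress(mine)
		bonded, _ := Resolve(mine, a)
		stranger, _ := Resolve(other, a)
		fmt.Printf("rotation %d: %x  bonded peer resolves=%v  stranger resolves=%v\n", i, a, bonded, stranger)
	}
}
```

Each run prints three different addresses that the bonded peer links back to one device and that a stranger cannot. That is the property an advertiser loses when it ships with a static random address, as the comment says most sample-derived firmware does.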
Using AirGuard on Android, I'm able to detect iPhones around me even when they are not in pairing mode.
> I'm able to detect iPhones around me even when they are not in pairing mode.
Right, but the MAC is randomized every 15 min, which makes tracking hard to pull off.
According to the graphic, all RFID/NFC tags including pet microchips and your company badge will be associated with you too.
I can remember in the late 1990s Berkeley Public Library was considering adding RFID tags to the books as asset tags. The public push-back was significant and surprising at the time. Freedom-loving library patrons were concerned about nefarious tracking. Proponents of the new tags thought that the concept of tracking people or the books they read was rooted in paranoia.
Isn't it not really possible to uniquely identify most modern bluetooth devices this way? Specifically to prevent things like this.
Unless they're hoping my AirPods are in pairing mode all of the time and they're going to track the name "mikeocool's AirPods."
They just need to link a cluster to you in the first place - say at a toll booth or drive-thru - where ANPR is already commonly deployed.
I thought most modern Bluetooth devices essentially randomize the Bluetooth MAC address periodically, specifically to prevent this sort of tracking? And random MAC addresses too on WiFi.
If someone has a half dozen BT devices on their person/in their car and they randomize MACs hourly (but not all at once) I bet you could still track people pretty accurately.
I wonder how much that actually helps. A license plate scanner and a camera can easily identify me in my car. What tracking advantage does "there are three (probably) Apple devices" in the car as well confer?
If I’m away from my car later, I’m just a guy walking around with 3 Apple devices (or two if I forget my phone in the car).
> A license plate scanner and a camera can easily identify me in my car.
Sure, but now you can track someone from their car through public transport, shops and god knows wherever else someone placed a sniffer.
And no, randomization doesn't help, because in the end the Find My beacons have to resolve down to some common identifier otherwise the "an unknown device has been following you for 2 hours" warning would not work.
This feels illegal. If it's not, it probably should be.
Privacy is no more if that is true.
Now that I think of it, I'd be surprised if there aren't a few lists of this kind already made by an agency/company or two.