Back to list
RES: Tracking bluetooth
Nov 14 2007 02:27PM
Denny Roger (denny roger future com br)
Josh is correct. It's also important to track which phone is sending worm.
You can see more information in this website http://www.nytimes.com/2005/01/24/technology/24virus.html.
Gerente de Negócios, Future Security
denny.roger (at) future.com (dot) br [email concealed]
Tel/Fax: +55(11) 2246-2787
Celular: +55(11) 8101-4476
De: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] Em nome de Joshua Wright
Enviada em: Wednesday, November 14, 2007 12:00 PM
Para: Security; wifisec (at) securityfocus (dot) com [email concealed]
Assunto: Re: Tracking bluetooth
-----BEGIN PGP SIGNED MESSAGE-----
> Would those sniffers be able to determine a relative distance from the
> device? Effectively, you could triangulate someone's location that way.
Yes, by tracking Bluetooth activity, you can obtain lots of information
1. Relative location with triangulation and other location-analysis
2. Frequency of visit, time spent in front of particular displays (for
3. Associations (e.g. "Every day at 12:15 'Jons Phone' and 'Kims Phone'
meet at location X for 15 minutes")
4. Relative speed of travel
These items assume the location analysis units are stationary; if the
locating device is mobile, then it could be used to track individuals as
- From my perspective, Bluetooth tracking would be useful for areas with
large crowds for event planning and traffic management purposes (think
Disney World, or hundreds of thousands of people making pilgrimages).
It could also be used for retailers, to learn the shopping habits of
customers, which displays garner more attention, the traffic patterns of
shoppers in their stores, etc.
I think this would also be useful to law enforcement agencies to
establish relationships or "known associates" by recording Bluetooth
activity. Since this Bluetooth tracking information is "broadcast", I
imagine it is possible for LEA's to collect it without wiretap warrant.
There was a draft mechanism from the Bluetooth SIG to implement
something known as "Bluetooth Anonymity Mode", but this appears to not
have been adopted in the most recent 2.1 specification. Currently,
placing Bluetooth devices in "non-discoverable" mode will thwart most
attempts at collecting this kind of information, but it is an
insufficient long-term strategy since it has become possible to discover
devices in non-discoverable mode as well (please see my presentation on
exploiting Bluetooth headsets at
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
-----END PGP SIGNATURE-----
<P><FONT face=Arial size=1>As informações existentes nessa mensagem e nos
arquivos anexados são para uso restrito, sendo seu sigilo protegido por lei.
Caso não seja destinatário, saiba que leitura, divulgação ou cópia são
proibidas. Favor apagar as informações e notificar o remetente. O uso impróprio
será tratado conforme as normas da empresa e a legislação em vigor. </FONT>
<P><FONT face=Arial size=1>The information contained in this message and in the
attached files are restricted, and its confidentiality protected by law. In case
you are not the addressee, be aware that the reading, spreading and copy of this
message is unauthorized. Please, delete this message and notify the sender. The
improper use of this information will be treated according the company's
internal rules and legal laws. </FONT>
<P><FONT face=Arial size=1></FONT>
<P><FONT face=Arial size=1></FONT>
[ reply ]
Copyright 2010, SecurityFocus