One privacy enthusiast has built a tool to monitor your neighbors' nearby Bluetooth signals, demonstrating how easily everyday convenience can be exploited for covert spying. Having Bluetooth enabled is like constantly broadcasting your name to anyone within roughly 50 meters.
A basic stationary Bluetooth tracker can detect neighbours’ phones and wearables and expose their routines, such as when they are at home or away, when they’re having visitors, or when they're walking their dog. Vehicles, too, broadcast their presence, indicating when they arrive, leave, and return.
One privacy enthusiast who calls themselves Danny McClelland dropped a tool dubbed “bluehood” to “Monitor your local neighbourhood’s Bluetooth activity.”
While it is “for educational purposes only,” anyone with a device as simple as a Raspberry Pi or a laptop can use it to continuously scan for nearby Bluetooth devices, identify them by vendor, classify them into categories, such as phone, audio, wearables, IoT, vehicles, and others, and estimate their proximity.
The scanner can track presence patterns over time, identify devices that appear together, and even send push notifications when the targeted device appears.
The tool sufficiently demonstrates that our everyday devices reveal a lot of information even without any attempt to break in. Hijacking devices is another risk possible due to widespread Bluetooth vulnerabilities, such as WhisperPair.
Why build a Bluetooth tracker?
“The project was heavily assisted by AI, but the motivation was entirely human: I wanted to understand what information I was leaking just by having Bluetooth enabled,” the author explained on a blog post.
“We’ve normalized the idea that Bluetooth is always on. Phones, laptops, smartwatches, headphones, cars, and even medical devices constantly broadcast their presence.”
Users often have no control over Bluetooth transmissions, for example, when using hearing aids or even pacemakers and other implanted medical devices.
“Delivery vans, police cars, ambulances, logistics fleets, and trains often have Bluetooth-enabled systems for fleet management, diagnostics, or driver assistance. These broadcasts are continuous, and the drivers have no control over them,” Danny writes.
The developer believes people generally underestimate how many digital breadcrumbs they leave behind. Even those who “have nothing to hide, nothing to fear,” are still exposing information they probably don’t intend to.
“When is the house typically empty? Does someone visit every Thursday afternoon? Is there a regular pattern that suggests shift work? When do the children come home from school?” Danny lists just some of the questions that the scanner can easily answer.
It can also be used as a security tool that can help porch pirates or thieves.
Modern smartphones, however, randomise their Bluetooth MAC addresses, enhancing user privacy. The Bluehood tool, conveniently, filters out these randomized unique identifiers.
No hacking – just monitoring
The developer doesn’t want anyone to use the tool for hacking, and it’s only capable of passive listening. It never attempts to connect to any detected Bluetooth devices.
“I built it because I wanted to see for myself what I was broadcasting. The results were sobering. Even with no malicious intent, anyone with basic technical knowledge could learn a lot about my household just by sitting in their car and running a script,” Danny said.
“If you try Bluehood and it makes you think twice about your own Bluetooth habits, it’s done its job.”
However, the author acknowledged that the project was motivated by the previously discovered Bluetooth vulnerabilities that can enable eavesdropping, hijacking, and tracking at scale.
Monitoring for device radios isn’t new and has long been used for geolocation and other use cases. Shopping malls track exposed radios to estimate visitor traffic patterns.
Cybernews reported on open APIs that allow anyone to determine the exact current location of devices. So if a bad actor has a few MAC addresses, they can constantly track where the user is at all times.
Unlock exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked