VowelMovement Posted February 13

Hey guys, I'm not sure if this has been posted before but I have a rather concerning topic to ask about. This is one of those rare and very smart and informed groups that could really help out here.

I've enabled the phone setting that allows me to see Bluetooth addresses without names and have been doing scans all over my area for a long time now. There are so many MAC address only BLE signals around and I don't think it's coming from devices or cars or anything commercial. All of these MAC addresses emitted by devices are registered to a vendor, right? Just Google a BT vendor address searcher and it returns "Samsung" or something like that for any commercial device MAC address entered. Not these ones though, no known vendor.

I captured some in a bug report and brought the data over to Wireshark and I can't really find much more info except the power level. A strong BT signal from a device emits at about -50 dBm (decibel-milliwatts) and a weak signal would be -100 dBm, and that's the point of signal loss pretty much. These addresses emit at 12 dBm, which is a lot of energy.

I'm not that experienced with BT packet/signal analysis but is there any further digging to be dug here? I need someone with a bit more experience. I work in software development, and have watched a lot of Hak5 over the years, so thank you for all the info you put out. It's really great and has helped me a tonne as well as sparking so much curiosity.

dark_pyrro Posted February 13

12 hours ago, VowelMovement said:
All of these MAC addresses emitted by devices are registered to a vendor right?

I wouldn't be so sure about that. BLE uses MAC address randomization just like WiFi does (at least in some implementations) and will probably end up in a "non-vendor" result (just like you do when searching for WiFi related MAC addresses that are randomized).
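
Added example, not part of either post: a small Python classifier showing why a randomized BLE address returns no vendor, using the address sub-types defined in the Bluetooth Core Specification. The function names and sample addresses are constructed for illustration, and the public/random flag is assumed to come from the TxAdd bit of the captured advertising PDU.

```python
# Added example. Sample addresses are constructed, not taken from the thread.

def parse_addr(addr: str) -> bytes:
    """Parse 'AA:BB:CC:DD:EE:FF' (most significant byte first) into 6 bytes."""
    raw = bytes.fromhex(addr.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit address: {addr!r}")
    return raw

def classify(addr: str, is_random: bool) -> dict:
    """Classify a BLE device address.

    is_random is the TxAdd bit of the advertising PDU header; the
    public/random distinction is not encoded in the address itself.
    """
    raw = parse_addr(addr)
    if not is_random:
        # Public address: IEEE-assigned, so the top 24 bits are a vendor OUI.
        return {"kind": "public", "oui": raw[:3].hex(":").upper()}
    # Random address: the two most significant bits select the sub-type.
    kind = {
        0b11: "static random",
        0b01: "resolvable private",
        0b00: "non-resolvable private",
        0b10: "reserved",
    }[raw[0] >> 6]
    info = {"kind": kind, "oui": None}  # no OUI: a vendor lookup is meaningless
    if kind == "resolvable private":
        # Upper 24 bits are prand, lower 24 bits a hash over prand that only
        # a holder of the device's IRK can verify.
        info["prand"], info["hash"] = raw[:3].hex(), raw[3:].hex()
    return info

# (address, TxAdd) pairs, constructed for illustration
SAMPLES = [
    ("00:11:22:33:44:55", False),
    ("5A:3C:10:9E:44:B7", True),
    ("D2:11:22:33:44:55", True),
    ("1F:AA:BB:CC:DD:EE", True),
]

if __name__ == "__main__":
    for addr, tx_add in SAMPLES:
        print(addr, classify(addr, tx_add))
```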

VowelMovement Posted February 14

@dark_pyrro I would recommend enabling this setting for yourself and scanning around. You'll soon see what I mean and it takes a bit of deduction to guess where they are coming from. It's not just where I am in Europe either, I've tried this when travelling in different countries and it's much the same.

To my understanding MAC address randomisation can be set up for specific implementations but for most commercial devices they would be trackable. Even if part of the address was changed the vendor assigned part would still track back to a vendor. It's a standard that was set up a good while back. For example Hyundai was fined millions for releasing cars with non-vendor trackable MAC addresses. That helped to solidify that commercial standard.

dark_pyrro Posted February 14

Legal cases or not, random device address is still a feature. And, no, I have no interest in scanning for BLE devices.