How Bluetooth Surveillance Works

This phone displays the COVID-19 contact tracing app, launched by Britain's National Health Service. It uses Bluetooth technology to alert users if they spend 15 minutes or more within 6 feet of another user who subsequently tests positive for the disease. DANIEL LEAL-OLIVAS/AFP via Getty Images

Wireless technology seems like it's everywhere these days. Imagine taking a walk through a crowded area — perhaps the shopping district of a big city. Maybe you're just doing some casual window shopping, and you've kept your phone with you and left Bluetooth on "discoverable" mode. This allows other Bluetooth phones to locate you. As you linger in front of a shoe store and consider a new pair, your phone beeps: Someone's sent you a text message. It reads: "We know where you are. Having fun shopping?" Sounds like something out of a movie, right?

Such a thing is possible, and it's happened before. In fact, it's the very nature of Bluetooth — a technology that can search for and locate other devices that also have Bluetooth — which has some people concerned. Security has long been an issue with this technology — bluejacking, for instance, although simply a harmless prank, allows Bluetooth users to send out unsolicited messages to nearby devices. Because Bluetooth devices are to some degree traceable, the concept of Bluetooth surveillance has been introduced into the tech world.


The phrase Bluetooth surveillance might conjure up images of Big Brother in George Orwell's dystopian novel of the future, "1984," but is that really the idea? Bluetooth surveillance has a lot of benign uses as well. To learn about Bluetooth surveillance and whether or not you should remain discoverable, read on.

Bluetooth Discoverability

Keeping a Bluetooth device in "discoverable" mode allows any other gadget with Bluetooth capabilities to search for and locate it within a certain range. Image Source/Getty Images

Before we dive into Bluetooth surveillance, we'll want to take a look at how Bluetooth itself works and understand what makes the technology traceable. Bluetooth devices use the free 2.4-gigahertz radio frequency band known as ISM, which stands for industrial, scientific and medical devices. The band is unlicensed for low-power use, so headsets and other Bluetooth accessories use very little in the way of batteries. Bluetooth's worldwide availability and low power requirements make it a very popular standard for connecting all kinds of devices, from consumer electronics to business applications to devices on the Internet of Things.

Many of the Bluetooth applications we're most familiar with are short-range uses, such as computer peripherals, wireless headphones and connections to automotive entertainment systems. Bluetooth signals can travel farther, however, even more than a kilometer (three-quarters of a mile).


The most basic security feature on Bluetooth-enabled devices is the ability to go into one of two modes: "discoverable" or "non-discoverable." This information is typically found in the "settings" option of a device's control panel, where you can select whether or not to make your phone or laptop visible to others within the area. If you want to pair a Bluetooth keyboard to your computer, you make both devices discoverable and choose the keyboard in the computer's Bluetooth settings. It will ask you to type in a code displayed onscreen, a security measure designed to verify that you and your computer agree on the correct device to pair.

Simpler devices, such as wireless headphones, don't require a security code when you pair them. Once the two connect, they store the information that identifies the other as a remembered device.

If several Bluetooth devices are set on discoverable mode, they all have the ability to search for and locate each other, so long as they remain within range. Every device has its own address, a unique 48-bit identifier with six bytes of information that might look like this: 01:23:45:67:89:10. The first three bytes (01:23:45) are assigned to the specific manufacturer of the device, while the last three bytes (67:89:10) identify the device itself.

So how could someone track your movement if you left your phone on discoverable? Would they have to follow you around all day long, or is there a simpler way?


Bluetooth Positioning and Tracking

Bluetooth beacons have become commonplace in shopping malls (like the Mall of America pictured here) as a means for customers to find their way around. Owen Franken/Getty Images

Locating several Bluetooth users with a typical mobile phone is relatively simple: You just turn on your phone and see which devices are discoverable in your Bluetooth settings. But you can only monitor the people moving in and out of your Bluetooth's range, which is most likely a 10-meter (33-foot) circle around you. If you wanted to track a specific address, you'd have to visually locate that person's physical device and follow it around all day, which would easily blow your cover. And locating someone else's smartphone doesn't let you listen in on what they're doing or read their email.

But if several Bluetooth-enabled receivers are strategically placed to cover a large area, they can track the positions of any discoverable device, recording and sending any data back to a single address. Each Bluetooth receiver acts like any regular Bluetooth device: It searches for every device within range. If a person walked down a 100-meter-long (328-foot-long) street and each Bluetooth receiver had a range of 10 meters, five receivers with a radius of 20 meters (66 feet) would be needed to track that person's movement. As he walked toward the street, the first receiver would track him for the length of the first 20 meters, the second for the next 20 meters, and so on for the length of the street.


So how have people used this system to track people? One of the earliest uses of Bluetooth positioning and tracking technology was at the Aalborg Zoo, the largest zoological garden in Denmark, in 2003. The point of installing the system was not to put the zoo's patrons under surveillance or to see which exhibitions people went to more often. Instead, special "Bluetags" were made available to prevent parents from losing valuable belongings that tend to wander off: their children. A parent could attach a "Bluetag" onto a child, and Bluetooth receivers around the zoo would track the child's movement.

Bluetooth beacons (hardware transmitters) have become commonplace for customers to find their way around retail environments. A shopping mall, for example, could install a Bluetooth surveillance system throughout its entire area to monitor the movements of Bluetooth owners. Although it wouldn't present a perfectly accurate description of a person's movement, the system could create a general map of his path and even compare how long someone stays in a certain area.
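The receiver network described above, as an added example that is not part of the original article: it shows how sightings of one fixed, discoverable address at several receivers combine into a rough path and per-area dwell times, which is why leaving a device discoverable makes it linkable. Receiver names, timestamps and the second address are constructed sample data, and all function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data: (receiver_id, seconds since start, address seen).
SIGHTINGS = [
    ("R1", 0, "01:23:45:67:89:10"),
    ("R1", 12, "01:23:45:67:89:10"),
    ("R2", 20, "01:23:45:67:89:10"),
    ("R1", 5, "AA:BB:CC:00:00:01"),
    ("R2", 95, "01:23:45:67:89:10"),
    ("R3", 100, "01:23:45:67:89:10"),
    ("R3", 110, "01:23:45:67:89:10"),
]
HEX = set("0123456789ABCDEF")

def split_address(addr):
    """Split a 48-bit address into (manufacturer part, device part)."""
    octets = addr.upper().split(":")
    if len(octets) != 6 or any(len(o) != 2 or not set(o) <= HEX for o in octets):
        raise ValueError(f"not a 6-byte address: {addr!r}")
    return ":".join(octets[:3]), ":".join(octets[3:])

def build_paths(sightings):
    """Group sightings by address and collapse them into ordered visits.

    Returns {address: [(receiver, first_seen, last_seen), ...]}.
    """
    by_addr = defaultdict(list)
    for receiver, ts, addr in sightings:
        split_address(addr)  # reject malformed addresses early
        by_addr[addr.upper()].append((ts, receiver))
    paths = {}
    for addr, seen in by_addr.items():
        visits = []
        for ts, receiver in sorted(seen):
            if visits and visits[-1][0] == receiver:
                # Same receiver as the previous sighting: extend that visit.
                visits[-1] = (receiver, visits[-1][1], ts)
            else:
                visits.append((receiver, ts, ts))
        paths[addr] = visits
    return paths

def dwell_times(visits):
    """Seconds between first and last sighting at each receiver."""
    totals = defaultdict(int)
    for receiver, first, last in visits:
        totals[receiver] += last - first
    return dict(totals)
```

The result is only as fine-grained as the receiver spacing: it says which receiver's area the device was in and for how long, not an exact position.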

For instance, in 2018, Bluetooth reported that the giant Mall of America in Minneapolis was using its technology. "With a Bluetooth beacon infrastructure in place, guests can select their destination on the Mall of America app and pinpoint where they are in the facility. From there, the app can get customers moving in the right direction while providing additional information, such as store hours, estimated time of arrival, and vertical transportation factors like escalators that impact accessibility for shoppers utilizing strollers or wheelchairs," the company wrote.

With this knowledge, store owners could analyze shoppers' behavior and change advertisement positions accordingly without anyone ever knowing. Some retailers use this surveillance to enhance services, knowing when a shopper with an appointment has arrived and where they are, even in a busy store.

You may have been using this same technology without realizing it. Personal Bluetooth trackers such as the Tile series and Apple's AirTags are very helpful for finding things you misplace often, such as your keys. An app on your smartphone can tell you where they are, as long as they are near another Bluetooth device that can identify the tracker. But this requires many people to have Bluetooth enabled. If you left your keys at your desk, your work neighbor's phone might be able to tell you right where they are. They're doing a kind of Bluetooth surveillance, and so are you — you've opted into the network of people looking for these trackers and passing on that info to someone who may have lost something important.

During the COVID-19 pandemic, several governments have used Bluetooth technology in tracking devices that citizens download on their phones. In the case of Britain, if someone has tested positive for COVID-19 (and the person agrees), the National Health Service will send them a link where they should fill out the contact information (names, addresses, phone numbers) of anyone they have had contact with. The tracing app will then alert these people and may suggest self-isolation depending on the type of contact. The app also lets users know if they are near someone who has tested positive for COVID-19.


Bluetooth Lingo

Since many terms related to Bluetooth surveillance use some variation of the Bluetooth brand name, it helps to get a few sorted out. Many refer specifically to attacks on smartphones. One of these is bluesmacking, a denial-of-service attack that sends an overwhelming amount of data traffic to the device in an attempt to shut it down.

Bluejacking, a prank that involves sending fellow Bluetooth users unsolicited text messages, doesn't actually have anything to do with hijacking, even though the name implies it. The term is simply a hybrid of Bluetooth and "ajack," the username of the Malaysian IT worker who discovered the glitch and spread the news over the internet. Bluejacking is mostly an annoyance, although the technique could be used in a phishing attack to convince someone to share personal information using social engineering.


Bluesnarfing, on the other hand, happens when an attacker reads, changes or copies information from a person's phone, such as a phone book, address book or calendar. More serious infringements of bluesnarfing include taking over someone's phone and using it to make phone calls, send text messages or surf the web.

Bluebugging is an attack designed to install a backdoor on your device. A backdoor is a vulnerability that allows someone else to gain access to your device, like leaving the back door open in your house. A bluebugging attack can be used to gain access to your personal information or for surveillance.

Key Negotiation of Bluetooth, or KNOB, exploits the link manager protocol in Bluetooth to set a security key only one byte long on devices before they establish a connection. Someone within range can then crack that one-byte key to gain access to information on the phone or to log keystrokes.

Discovered in 2019, the KNOB vulnerability has since been patched. If you've never updated your older Bluetooth devices, you should. Even though Bluetooth tracking is mostly harmless, if you are concerned that it can violate your privacy, you should turn Bluetooth off when you're not using it.


Bluetooth Surveillance FAQ

Can you track someone through Bluetooth?
Tracking Bluetooth users with discoverable devices is possible, but tracking someone specifically generally isn’t unless you physically follow them, which isn't practical.

Can Bluetooth be used for spying?
A Bluetooth recorder can be used for spying, but doing so requires a hacker to have direct access to the mobile device of the person they’re trying to spy on.

Can someone connect to my Bluetooth without me knowing?
Theoretically, anyone can connect to your Bluetooth and gain unauthorized access to your device if the visibility of your Bluetooth device is on. However, this is an unlikely scenario as modern Bluetooth devices require some kind of pairing sequence before successful connection. This makes it difficult for someone to connect to your Bluetooth without you knowing.

What is Bluetooth surveillance?
Bluetooth surveillance is strategically placing multiple Bluetooth-enabled receivers to cover a large area. These receivers can track the positions of any discoverable device in their proximity by recording and sending any data back to a single address. In this network, each Bluetooth receiver acts like a regular Bluetooth device, so if someone has walked down a 100-meter-long path and each Bluetooth receiver has a range of 10 meters, you only need five receivers with a radius of 20 meters to track their movement.

Can Bluetooth detect proximity?
No, Bluetooth can only detect if the beacon and receiver device are in proximity of each other, which is generally no more than 10 meters.
