We often get asked if it’s possible to track smartphones using Bluetooth. For example, a retailer might want to know how long someone stays in their store and whether they visit again.
While iOS devices advertise Bluetooth continuity messages it’s not possible to track iOS devices using their Bluetooth MAC address because the address changes over time in order to defeat such tracking. However, as previously mentioned, Bluetooth MAC randomisation can be defeated. Android devices don’t usually advertise but some do if Covid tracking is on.
There’s a new paper by researchers at UC San Diego on Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices (PDF). It looks into Bluetooth physical-layer patterns to track a variety of device types.
A tool has been created to automate discovery of imperfections in signal modulation.
These imperfections are caused by manufacturing variations in the transmitter hardware.
Some, but not all, devices have unique fingerprints and can be tracked.