【知らなきゃ怖い】Bluetoothデバイスが密かにさらしている「意外な情報」とは？

Bluetoothデバイスは、実は私たちが思っている以上に多くの情報を外部に発信しています。デバイス固有のID（MACアドレスなど）や信号のパターンから、ユーザーの現在地や行動履歴、さらには使用しているデバイスの種類まで特定されるリスクがあるのを知っていますか？接続しているだけで、あなたのプライバシーが「丸見え」になっているかもしれません。この記事では、Bluetooth通信が図らずも露呈させてしまうデータとそのセキュリティ上のリスクについて解説します。

Tangential, sort of: in the early days of mobile phones for the masses, when there was no WiFi/3G in the underground, I will often enable Bluetooth in my phone, look for nearby devices and try to match names and looks.

That was before everyone had their "John's IPhone" or "Samsung A55" boring names everywhere and some of us cared to personalise our device's name.

Anyone else played this game?

About 10 years ago i had HomeAssistant running and thacking my bluetooth devices. It does so per default by jus memorizing a mac adress an recording when it's visible and when not. No need for pairing or anythung. It also stores the custom name if available.

Anyway, the default dashboard also automatically generated a view when my neighbours "Katie's iPhone' was at home and when not, until I actively deleted it and the data it stored.

We’ve normalised the idea that Bluetooth is always on. Phones, laptops, smartwatches, headphones, cars, and even medical devices constantly broadcast their presence. The standard response to privacy concerns is usually “nothing to hide, nothing to fear.”

I guess anything you send out can be used to profile you.

Some of my friends live on a farm near a semi busy road, however far enough from other farms to not be able to receive their wifi. They showed me their router logging all the wifi accesspoints that appear/disappear. There where A LOT of access points named "Audi", "BMW", "Tesla" etc. similar to those devices leaking bluetooth data. We had a discussion that it would be easy to determine who was passing by at what times due to these especially when you can "de-anonymize" the data for example link it to a numberplate.

I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.

Bluetooth desperately needs mac randomization. Wifi mac randomization is welcome, but it doesn't do much when many (most?) people have bluetooth accessories broadcasting a persistent identifier whenever they're on.

"We agreed on a 150-day disclosure window". Isn't that longer than Google Project Zero gives to release fixes?

Wonder what the difference is between this and: https://github.com/ArgeliusLabs/Chasing-Your-Tail-NG (https://github.com/ArgeliusLabs/Chasing-Your-Tail-NG)

This is not very different from collecting visual cues. You can notice a delivery van arriving. You can see the driver's face, same with passers-by. The biggest difference is that a camera needs to be more conspicuous, while a BT receiver can be invisible and undetectable. Much cheaper, too.

The part about passively detecting delivery driver patterns from a home office is wild. I knew BLE was chatty but being able to correlate device pairs (phone + watch) to build movement profiles with just a Pi is genuinely unsettling. Makes me want to audit which of my devices are broadcasting when they don't need to be.

Ring: thank you for the idea, "Introducing Ring Face-Off, face masks covering faces during a break-in is no an issue for Ring, we will track the thieves until they reveal their face to our Ring network."

BLE Tire pressure sensors are great vehicle identification devices. Static MAC adress gives 4 unique keys to a vehicle when actively scanning.