Understanding How Bluetooth Surveillance Functions

Wireless technology seems omnipresent these days. Picture yourself strolling through a busy area — perhaps the shopping district in a major city. You're casually browsing, phone in hand, with Bluetooth set to "discoverable" mode. This enables other Bluetooth-enabled phones to detect you. As you stand in front of a shoe store, contemplating a new pair, your phone buzzes with a new message. It reads: "We know where you are. Enjoying your shopping?" Feels like something straight out of a thriller, right?

This scenario is indeed possible, and it has occurred before. In fact, it’s the fundamental nature of Bluetooth — a technology designed to detect and connect with nearby Bluetooth-enabled devices — that raises concerns. Security has long been an issue with this technology — bluejacking, for example, is a harmless prank that lets users send unsolicited messages to nearby devices. Given that Bluetooth devices are traceable to some extent, the concept of Bluetooth surveillance has emerged in the tech community.

The term Bluetooth surveillance may evoke thoughts of George Orwell's vision of a surveillance state in his novel "1984," but is that really the case? Bluetooth surveillance also has many harmless applications. To understand more about Bluetooth surveillance and decide if you should stay discoverable, keep reading.

Bluetooth Visibility

Before exploring Bluetooth surveillance, it's important to understand how Bluetooth works and what makes the technology traceable. Bluetooth devices operate within the unlicensed 2.4-gigahertz radio frequency band, known as ISM, which stands for industrial, scientific, and medical devices. The band is freely available for low-power use, which is why Bluetooth accessories like headsets consume minimal battery power. Bluetooth’s global accessibility and energy efficiency make it a popular choice for connecting a wide range of devices, from consumer electronics to business tools and Internet of Things devices.

Most Bluetooth applications we commonly use are for short-range tasks, such as connecting computer peripherals, wireless headphones, and linking to in-car entertainment systems. However, Bluetooth signals can travel much farther, even extending over a kilometer (around three-quarters of a mile).

The primary security feature in Bluetooth devices is the ability to toggle between two modes: "discoverable" and "non-discoverable." This option is usually found in the device's "settings" menu, where you can choose whether your phone or laptop will be visible to others nearby. For instance, when pairing a Bluetooth keyboard with your computer, both devices need to be set to discoverable. Your computer will prompt you to enter a code displayed on-screen, a security measure to confirm that both devices are the intended pair.

For simpler devices like wireless headphones, no security code is needed when pairing. Once connected, they store the identifying information of the other device for future use.

When multiple Bluetooth devices are in discoverable mode, they can all search for and identify each other as long as they're within range. Each device is assigned a unique 48-bit address, made up of six bytes that might appear as something like: 01:23:45:67:89:10. The first three bytes (01:23:45) represent the manufacturer's assigned identifier, while the last three bytes (67:89:10) are specific to the device.

So, how could someone track your movements if your phone is left in discoverable mode? Would they need to follow you around all day, or is there a more straightforward way to do it?

Bluetooth-Based Positioning and Tracking

Tracking several Bluetooth users with a standard mobile phone is relatively easy: Simply activate your phone and check the Bluetooth settings to see which devices are visible. However, you're limited to monitoring people within your Bluetooth range, typically a 10-meter (33-foot) radius. To track a particular individual, you would need to spot their device physically and follow them around all day, which would likely expose your presence. Additionally, locating someone else's smartphone doesn't grant access to their private activities, such as reading emails or listening in on conversations.

However, if multiple Bluetooth receivers are strategically placed to cover a wider area, they can track the location of any discoverable device, gathering and transmitting data to a central location. Each Bluetooth receiver functions like a regular Bluetooth device: It scans for any devices within its range. For example, if a person walks down a 100-meter (328-foot) street, with each receiver having a 10-meter range, five receivers with a 20-meter (66-foot) range would be required to monitor that person's movement. As they walked along the street, the first receiver would detect them for the first 20 meters, the second for the next 20 meters, and so on until they reached the end of the street.

How has Bluetooth technology been used to track individuals? One of the first applications of Bluetooth positioning and tracking took place at Aalborg Zoo in Denmark in 2003, the largest zoo in the country. The purpose of the system wasn't to spy on zoo visitors or track which exhibits they visited most. Rather, special "Bluetags" were offered to help parents keep track of their children, preventing them from getting lost. A parent could attach a "Bluetag" to their child, and Bluetooth receivers located throughout the zoo would follow the child's movements.

Bluetooth beacons, small hardware transmitters, have become a standard feature in retail spaces, helping customers navigate. For instance, a shopping mall could set up a Bluetooth surveillance network across its entire space to monitor Bluetooth-enabled devices' movements. While this wouldn't give a completely accurate picture of someone's exact movements, it could map out their general path and even track how long they stay in certain areas.

As an example, in 2018, Bluetooth announced that the Mall of America in Minneapolis was using its technology. "By installing a Bluetooth beacon system, shoppers can choose their destination on the Mall of America app and pinpoint their location within the mall. The app then guides customers in the right direction while providing additional details such as store hours, estimated arrival times, and accessibility options like escalators for shoppers with strollers or wheelchairs," the company wrote.

Armed with this data, store owners can track shopper behavior and adjust their advertisements accordingly, often without the shopper ever knowing. Some retailers use this kind of surveillance to better serve their customers, such as by knowing when a shopper with an appointment has arrived and where they are located, even in a busy store.

You might already be using this technology without realizing it. Personal Bluetooth trackers, such as the Tile series and Apple's AirTags, are great tools for finding frequently misplaced items like your keys. With an app on your phone, you can locate the item as long as it’s near another Bluetooth device that can detect it. But this relies on having many people with Bluetooth turned on. If you left your keys at work, a colleague’s phone might be able to tell you where they are. This is a form of Bluetooth surveillance, and you’re participating in it too — by being part of the network that helps locate lost items for others.

During the COVID-19 pandemic, several governments leveraged Bluetooth technology through tracking apps that citizens could install on their phones. In the UK, for example, if someone tested positive for COVID-19 (and consented to sharing the information), the National Health Service would provide a link for them to enter contact details (names, addresses, phone numbers) of individuals they've been in contact with. The app would then notify these individuals, advising self-isolation if necessary, based on the nature of the contact. The app also alerts users if they come close to someone who has tested positive for COVID-19.

Bluetooth Lingo

Since many terms associated with Bluetooth surveillance include some form of the Bluetooth name, it’s helpful to clarify a few of them. Many of these terms specifically refer to attacks on smartphones. One such term is bluesmacking, a denial-of-service attack that overwhelms a device with excessive data traffic in an effort to crash it.

Bluejacking, which involves sending unsolicited text messages to other Bluetooth users, has nothing to do with hijacking, despite the name suggesting otherwise. The term is actually a blend of Bluetooth and "ajack," the username of a Malaysian IT professional who discovered the glitch and shared it online. Bluejacking is mostly a nuisance, though it could potentially be used in phishing scams to trick someone into sharing personal information through social engineering tactics.

Bluesnarfing occurs when an attacker gains unauthorized access to someone's phone, allowing them to read, modify, or copy information such as contacts, calendar entries, or messages. More severe cases of bluesnarfing involve taking control of the phone itself, using it to make calls, send texts, or browse the web.

Bluebugging refers to an attack aimed at installing a backdoor on your device, which essentially creates a hidden entry point for an attacker, similar to leaving a door unlocked in your home. This method allows unauthorized access to your device, enabling the attacker to steal personal information or spy on your activities. Key Negotiation of Bluetooth (KNOB) exploits the link manager protocol in Bluetooth by setting a security key just one byte long before the devices connect. An attacker within range can crack the one-character passcode, potentially accessing sensitive data or even monitoring your keystrokes.

The KNOB vulnerability, discovered in 2019, has since been patched by updates. If you haven't updated your older Bluetooth devices, it's a good idea to do so. While Bluetooth tracking generally isn't harmful, if you are worried about potential privacy breaches, turning off Bluetooth when it's not in use is a simple precaution.