Note: I wrote this several months ago and never published it because I felt it was unfinished. However, this is a good introduction to another article I’m writing so I’m publishing it before it’s quite complete.

Update (4/21/08): Looks like my discussion on tracking by Bluetooth has actually been done by the CS department of the University of Bath, so this is no longer just conjecture.

Bluetooth radios have been in hand held devices for years, but people frequently turned these features off to conserve battery life and increase security. However, Bluetooth hands-free earpieces are becoming more popular and these require the radio to be turned on. The device and ear piece must occasionally send data between them to make sure the paring is still active. Any Bluetooth radio can listen to this communication and determine basic information about the two devices. It’s then possible to attempt a connection to each device and find further information including the manufacturer of the radio, version information of the device firmware and supported Bluetooth services. Theoretically, this information can be obtained from any Bluetooth device from keyboards to cars.

Even with this level of detail, we still can’t answer high-level questions about the device such as “Is this a PalmOS device?” or “Does this device have the capabilities to run my software?”. However, if we consider the information we have to be a ‘fingerprint’ of sorts, a software system could be built to infer the higher level information. It should be possible expose to this system enough devices that we know to be supported to ensure correct detection with a relatively high degree of accuracy. Additionally, as more devices are detected correctly the system can add a new fingerprint to is database and learn from it’s successes.

One Bluetooth service that I’ll be focusing on in particular is the OBEX (OBject EXchange) protocol. This allows for the transfer of files and meta data between devices. If you wanted to send your contact information from your phone to a colleague, you would send a vCard via OBEX Push (Also known as OPP - Object Push Protocol). Unfortunately, if a user has incorrectly configured their device, it’s possible to “spam” them with vCard advertisements and even malicious software.

For the purpose of this discussion we’ll assume that we’re looking for Bluetooth devices set to ‘discoverable’ where the user must confirm the download of any data through the Bluetooth connection and we have a fleet of laptop computers with a Bluetooth radios to find them.

If even a small number of these laptops were put into kiosks positioned at points of transportation (train/bus stations, airports, toll booths, etc.), the data these spots passively receive about a Bluetooth device could be compared between points of the network. The database for a single node could be mined to see patterns in user behavior. It would be possible to see what days of the week a person walks past a particular spot, the average time of day, and how long they may have waited. The database for the whole network could determine patterns in user movement. The routes a person frequents, and even compare people’s movement’s to see how they may relate to each other.

To an advertiser who owns billboard or other advertising space in that area, such data could be a key revenue generating tool.

Instead of a kiosk, this software were to be written for a mobile device that had both Bluetooth and GPS capabilities. It could be carried by anyone, constantly reading the Bluetooth signatures of surrounding devices and reporting back the GPS location and details of the device in a completely clandestine manner.

Posted by admin on Sunday, February 17th, 2008 at 11:28 am.