Location Tracking of Bluetooth Devices

hi my name is biomartin hagnes and welcome to my talk about location tracking of bluetooth devices this project is based on my uh this talk is uh based on my student project from the first year of networking ad security studies where we had to incorporate what we learned from all order classes into one project as you can see this is what i'm going to touch upon today my automation for the project a case with a final student of mine some mac basics so we all know what know what we're talking about hardware and resources used for a project as well as the data collection process the presentation of the different track devices with some interesting results and

findings and then the bigger picture why this all matters we started one day at class we had a discussion about how it was possible to track somebody we don't with them not being online and uh um disagreement aroused with a fellow student of mine he said how is that possible my name aren't on the device how do you know it's me i took this as a challenge then in a later setting he told me about how he usually forgot his keys and he used ages to find him that's why he buy the tile and after that it was so much easier to find them bingo so what is a tile it's a company that's offer a bluetooth

tracker that works with bluetooth and you can connect it to whatever you want make it easier to find misplaced things it's basically an air tag and these are data points i collected from this tile as you can see it's 25 broad data points it includes the gps position when collected as well as the mac address name of the device time and date when captured and a single strength and with this data you can start visualize it onto a map at this location there were a lot of different trials but there were one in particular that was uh stood out the single strength showed it was less than uh it was in the proximity less than a meter making it most probably my

fellow student since we set the next journey in class and my suspicion was true as half of the data points was located in one spot making it easy to find where it lived so what is a mac address it's a stanford media access control it's a physical address it's manufactured into every network interface card the three first octets are assigned by the ieee to a manufacturer vendor or organization and the three lost octets are for the owner to assign this makes it a unique identifier and as you can see in bluetooth city a bunch of different bluetooth devices screen without unique mac addresses communicating with the world it's similar to if i started shouting out my personal number right now

and then antenna man appears the resources to become an atonement is low as it needs basic technical knowledge such as knowing how to to use the linux command line as well as using how to plug in a usb adapter and then the data visualization software that was used i used that student license since it was free and was recommended but there are a lot of different open source alternatives you that you can use then a bike i already had a smartphone already had and the total budget was about 3000 kroner this is artemora the hardware i used it's a raspberry pi 4. even though it's have bluetooth capability and buying a lm 1010 from lm technologies since this is made

for long-range communication and has a smart connector which i end up using because the data collection part was done during one of the covet lockdowns and nobody was outside making it perfect to add an omniducture omnidirectional antenna to get the signals from inside of buildings and then for a wi-fi part i used the alpha adapter i would not recommend this one then a globe set gps this was recommended in different tutorials and the setup that that that observed then lastly a power bank that fits to the raspberry pi 4. for the phone i used the samsung knight note 9. this was used during the planning phase and test phase with the use of the wiggle

wi-fi board driving app as well as route planning during the data collection and be able to ssh into the raspberry pi during the data collection and as well as a backup solution the software used on raspberry pi was kismet it's a networking network and device detector it's a sniffer and a well-known word driving tool the data collection part was done during 12 days within ring tree of oslo as you can see and i did set off two to three hours per day and covered about 300 kilometers it was tiresome to make it more structured in the data collection part i did divide up the sitting like this i did did part by part making making it

not that i was in uh in one area more than necessary and accumulated data that was raw was six gigabytes it contains what uh all of the information there are about the captured device even the connected client to a wi-fi access point capture packages mac address handshakes and even more but the data i was after was parsed to our csv file and they ended up with like 208 megabytes and additionally the data set captured from the phone which was 300 megabytes and as you can see this data was imported to our sql database then connected with tableau and with no filters on you can see it's m ms all over town the interesting thing starts when you're

starting to filtering out all of the noise as you can see there's smart mugs you can track people with even though there are not that many data points on it i wanted to add it to to show how absurdity with all of the technology we have and even tvs as you can see a lot of smart tvs are in oslo and this makes what what can you use this data for as you can see you can use it to in those countries that's a tv license you can actually find out if a household has a tv or you can measure brand density as you can see here in oslo something six series was the most popular one

but the most interesting thing is how you can actually actually track individuals each of these dots are our device and the draws the lines drawn in between them are more and more data points on that device as you can see it was from as a result this was easier to track individuals by the headphones rather than smartphones since most smartphones users don't have on discoverable mode long and unnecessary and and they use randomized mac addresses not the chinese ones so this was made it possible to track individuals in the city like you see even to a neighbor city the purple one is my girlfriend and even cross country and even cars are getting more smarter

as you can see here i could track the cars with the internal bluetooth and wi-fi hotspots but as well as older cars since they don't use fm radio anymore people are buying dab radios and those have bluetooth capability as well as standalone gpss with bluetooth as well as hands-free devices and since as you can see here even the names of the devices as like the audi car they're having a unique identifier in their name making it even more easier to track them and as you can see this is a data is actually from a road trip from last summer and you can track a car that has a blue gps this comes to the tesla cars

as you can see it's easy to track them with bluetooth signal and wifi hotspots but what can you use this data for well also the tesla key as you can see it's possible to correlate the tesla key with a tesla car so if you know where the car are and you know where the keys are i think you guys can put two and two together and draw an obvious conclusion about this as well as seeing how often the density of tesla cars in oslo you can see which part of oslo the tesla car is most observed at yeah it's the best part so this device i made it's actually used in a lot of intersex intersection around

the world in series and it's actually used for travel time data collection which is are then used for city planning seeing watch rush hour helping every travel time and basically counting traffic this made me to set out my own by the freeway in oslo and as you can see at the moment the data is anonymous it shows three highs in the morning morning rush midday rush and afternoon before it's flattening out this is anonymous at the moment but if they're still keeping their logs you can see a pattern appears when they're passing every time if you think if if you think this is all over a city you can actually start to track match track a whole city

and auto pass had this capability until they shut down so in 2020. so the positive sides with this what can you use it to well you can find you lost stuff such as your car smart tv and refrigerators anything that's broadcast the mac address i'm not kidding it's i found a lot of refrigerators but so can everybody else such as stores governmental agencies stalkers data brokers basically anyone that wants to track you as an example data brokers they correlate data sets and sources and builds a detailed picture of you and then sells this personal information about you so as you can see in this example you can start with a blues's mac address correlated with

another data set which have a name and the bluetooth mac address then to a public information which i did with my fellow colleague student student to find out where to live like yellow pages linkedin whatever and then use the breach data set and with this you can make a more combined data set of the individual groups or yeah whatever and as you can see uh mara swaltz from the the project was written in in error k and where it was possible to actually track down one guy and call him and ask him if he was at these two places and he have never been so creeped out before so the bigger picture are the issue isn't there and they're

paranoid but the apparent enough location data not only stays where you were but who you are like address potential financial status sexual orientation works place such as what kind of career you have religion patterns of behavior such as shopping tendency or mobility orientations and as you can see in the comment section nobody cares about privacy until impacts themselves but there are many people in the world that need privacy just in order to survive such as lgbtq in individuals in oppressive societies prosecuted political and religious individuals and groups and victims of stalking to sum it all up there are no anonymous location error thank you

anybody any questions before we got mr barry irwin and digging and delving in dns yes one question have you thought about using conferences to track people yeah i was thinking about that i already done it before when i was at scotty thousand secret start so so it's easy anybody else time for one more question if anybody's got one no okay in the back yeah

so you're telling me i can buy an antenna on l ship and then track everybody would you say i can buy an antenna on elliship and then track my teacher or something yeah yeah that's true i buy most of my stuff at the challenge company so is your teacher sitting next to you okay thanks for the questions and thank you bjorn martin hagnes thanks

you