The project was heavily assisted by AI
What Your Bluetooth Devices Reveal About You: Building Bluehood, a Bluetooth scanner that reveals what information we leak just by having Bluetooth enabled on our devices.
Submitted 1 day ago by Beep@lemmus.org to technology@lemmy.world
https://blog.dmcc.io/journal/2026-bluetooth-privacy-bluehood/
Comments
db2@lemmy.world 1 day ago
MonkderVierte@lemmy.zip 7 hours ago
just by having Bluetooth enabled on our devices.
Which is why i don’t.
essell@lemmy.world 6 hours ago
Might not help.
Some Samsung Bluetooth sharing services talk to other devices with Bluetooth off.
Likely on other brands too. It’s infuriating how normalised this has become despite the obvious privacy and security issues.
Petter1@discuss.tchncs.de 1 day ago
Tldr: Bluetooth isn’t entirely the problem. The problem is manufacturers who don’t add privacy features like rotating identifiers into their Bluetooth enabled devices. Many smartphones are doing this these days.
E.g. modern non-cheap devices (iphone, pixel, general higher level android, airpods, apple watches, other modern headphones etc.) have those, and are not really track able like this.
tal@lemmy.today 4 hours ago
I’d say that it is Bluetooth, because the Bluetooth guys didn’t build resistance to tracking and leaking data into the base protocol. There were efforts to patch over these protocol problems that came later.
iturnedintoanewt@lemmy.world 14 hours ago
I have a Pixel and I remember seeing this specific option in Graphene. But that still leaves the devices you connect to anyway, which still travel with you and probably won’t rotate the identifiers.
0x0@infosec.pub 8 hours ago
Get a faraday pouch.
Squizzy@lemmy.world 9 hours ago
I have a pixel, I am being tracked. This one element might be better but it is an invasive device.
Duke_Nukem_1990@feddit.org 5 hours ago
No GrapheneOS?
tal@lemmy.today 11 hours ago
I mean, forget just locally monitoring around you. Google and Apple’s Location Services phone home with the MAC addresses and signal strengths of nearby Bluetooth devices, so they know when all those devices were active and where. Unless it makes use of MAC ranomization, you can identify a device by its OUI, the first 24 bits of the MAC.
Google knows where people with Bluetooth headphones have gone, even if those people have never used Google products. They can probably identify where that many people have met each other, by correlating locations of devices. They know, say, when and where Bluetooth-enabled Lovense sex toys were active.
www.youtube.com/watch?v=IRELLH86Edo
tal@lemmy.today 2 hours ago
I’d also add that I’d be far from sure that even devices that are randomizing them are using a cryptographically-secure PRNG and reliable source of entropy. Even much-more-expensive and capable-of-obtaining-entropy personal computers with software that can be more-readily-inspected have had a spotty record here. I’d give pretty good odds that there are devices out there using a fixed seed and non-cryptographically-secure PRNG for MAC randomization, and that someone like Google, with a vast database of MAC/time/location data and a bunch of smart computer scientists on staff, could probably break the randomization if it wanted on at least some devices.
But you gotta crawl before you can walk, and today, we know that we aren’t even crawling.
Squizzy@lemmy.world 9 hours ago
Fml