Tracking Anonymized Bluetooth Devices via BLE security flaw

Step 0: Be a stateactor or collaborate with a bunch of shops ie be a shopping mall.

Step 1: Record Bluetooth from multiple positions

Step 2: Accurately guesstimate where they are based kn strength

Or the simple version: Make public transport do it.

The goal is just to be able to say, X bluetooth signal belongs to Ys ear buds, they were on train Z at time, and left train Z at time. There is a good chanve they got on here, and left there going by train schedule.

We then found the signal again when he walked past one of our shops, so we know he walked this way at this pace. If he continues that pace he will be here and we will spot his signal again there.

/r/netsec Thread Parent Link - petsymposium.org